I’m considering using eWay as a payment gateway. They offer two options. One is to allow users to type in credit card data on an eWay-hosted website, the other is to use my own form and send credit card data via my server to eWay’s backend. The second option (their page with details) seems more appropriate for me, as the user would never leave my site and branding would be maintained.
Now, I spoke to support and they said that my site will be PCI compliant as long as I use SSL. So basically I can allow users to provide CC numbers on my site and send them to eWay’s backend via XML. As long as I don’t store sensitive data, but only transfer it, it is OK. Until now I thought that as long as CC data hits my server my site needs to be PCI compliant, but now I’m not sure. If someone could explain to me how it really is, that would be much appreciated.
If your system handles card data then it’s in scope of PCI and must be PCI compliant.
http://www.pcicomplianceguide.org/pcifaqs.php
Edit: “eWays” as your gateway provider are Tier 1, and it’s beholden to them to actually ensure you’re PCI compliant, so it’s a bit dodgy of them to palm you off with the SSL spiel.