More on PCI
We have recently had an interesting chat with a couple of different gateway providers who have approached allowing their customers to be PCI compliant in a similar but different way.
SagePay, formerly Protx, in the UK have released a version of their gateway called SagePay Server. This clever little module uses the SagePay secure PCI Compliant system to take the card details, but it appears to the customer that they have never left the merchants site.
They do this through the use of an iFrame. It is a very sweet little system and we have given it a bit of a thumbs up here as it is simple to integrate and works nicely.
We have released an interface for the SagePay module and this can be downloaded by our UK customers from our 7.0 Gateway page.
The other gateway we talked to are CRE Secure. They have taken a more global approach I suppose you could say.
The way CRE Secure works is they act as an extra layer in the checkout process by inserting themselves between your site and the payment gateway.
They themselves are not a gateway as such but instead work with many different gateways to provide a similar function as the SagePay system.
From what I understand, and I may have got this bit wrong, the custoemr goes through the checkout process as normal and when they go to the credit card page they are taken to the CRE Secure site.
CRE Secure take a "screen scrape" of your checkout page at this point so the customer is not aware that they have left your site except for the changing of the URL. Everything is exactly the same as before except you are at a a different location.
After the transaction goes through the custoemr is returned to the merchants web site all the while the custoemr is blissfully unaware of what has happened except they have easily checked out securely.
The merchant is happy because with very little effort they are now PCI Compliant and the customer is happy as they can shop safely.
CRE Secure are partnering with a growing list of gateways including PayPal, AuthorizeNet etc so are definitely a solution to watch. I am picking they will become a major force in the US from July this year as everyone scambles to become PCI Compliant.
We are in the process of developing an interface for CRE Secure. I will keep you posted once this is done.