I'm just trying to get info on the complex PCI IT topic. Looking for what methods are out there to resolve an issue as I'm coming to understand it.
1. Webstore SaaS solution that allows us to create storefronts and customers buy things from their storefront.
2. We use PayPal (not sure which one) as the gateway for offline order processing.
3. Reportedly the SaaS company isn't PCI compliant b/c they don't hand off to the gateway (PayPal) for the user to pay with cc info.
4. We need to be able to easily have the customer process a refund without having to do this manually through the gateway (PayPal). Is how I hear we're doing this.
So are there any best practices API angles or ASP.NET or '3rd party' products/"ROUTES" that I can investigate to meet the need on line 4?
Trying to understand the flow of how people are dealing with this when a SaaS solution is involved and you're processing payments offline via a gateway like PayPal and need to easily do refunds post authorization or pre authorization without touching/storing the customer cc. Don't want to store data on any of our servers either.