sidm83 | 4 years ago

Again, generalization. What you're talking about mostly refers to small-time sites with maybe not more than a few dozen orders a day. Typical ecommerce businesses (usually the kind with at least 100s or 1000s of orders a day) write their own code rather than using WP plugins.

As far as PCI DSS goes, there are multiple levels. Even at the tier 2 Indian ecom company I used to work at, we did not store any card info; it was just submitted in an iframe rendered by the payment gateway. And even then we were subjected to annual/semi-annual security audits (this was in addition to quarterly external security audits we ordered ourselves, apart from typical OWASP Top 10 checks performed by QAs in weekly sprints).
