IFRAME - Am I considered PCI compliant if I tokenize the credit number, but accept exp date and cvd?

The IFRAME solution does not allow enough flexibility for design customizations, so I decided to tokenize only the credit number and ask for Exp Date and CVD through my system. I have two questions:

1) Am I PCI compliant, or do I need to tokenize CVD and Exp Date as well?

2) Does the Moneris API allow passing Exp Date and CVD via the API later? I will need to add the customer to Vault, get a permanent token, and do VbV/MCSC, AVS, CVD, eFraud.

Thanks

  • Yes, if you'd like you could have the CVD and Expiry date hosted in your own environment. In that case, SAQ-A EP and all its PCI requirements apply.

    If you choose to use Moneris Hosted Payment/Tokenization/Vault Page to host and manage all of the card data information, SAQ-A would apply.

  • In reply to ME_Moneris:

    I've found a beautiful solution that allowed me to customize the iframe's design and make it user-friendly, let Moneris tokenize everything, and keep us PCI compliant.

    Using CSS, I made the iframe background transparent, put the credit card image behind it, and using absolute positioning put inputs where I need them. The user won't even know there is an iframe.

    Holla at me if you need help.

    artem at cssmail.net
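
A minimal sketch of the layout described in the post above, added here as an illustration and not the poster's actual CSS. The frame URL, image file name, class name and pixel offsets are placeholders, and it assumes the hosted page inside the frame renders with a transparent background, because CSS on the parent page cannot style the contents of a cross-origin frame.

```html
<!-- Added example. The frame URL is a placeholder, not a Moneris endpoint. -->
<style>
  /* Wrapper: sets the coordinate system and carries the card artwork. */
  .card {
    position: relative;
    width: 340px;
    height: 214px;
    border-radius: 12px;
    /* card-art.png is an assumed local image; the colour is a fallback. */
    background: #1d3557 url("card-art.png") center / cover no-repeat;
  }

  /* The frame box: no border, no fill, placed over the artwork.
     Only the box is positioned here; the inputs inside it belong to
     the hosted page and are laid out by that page. */
  .card iframe {
    position: absolute;
    left: 24px;
    top: 96px;
    width: 292px;
    height: 96px;
    border: 0;
    background: transparent;
  }
</style>

<div class="card">
  <!-- Card number, expiry and CVD fields are rendered by the hosted page. -->
  <iframe src="https://hosted-fields.example/tokenize"
          title="Card details"></iframe>
</div>
```

The card inputs stay in the frame's own document, so scripts on the parent page cannot read what is typed into them.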

  • In reply to Yagga:

    This looks awesome! Do you mind sharing the CSS?