IFRAME solution does not allow enough flexibility for design customizations, so I decided to tokenize only the credit number and ask Exp Date and CVD through my system. I have two questions:
1) Am PCI compliant or I need to tokenize CVD and Exp Date as well?
2) Does Moneris API allows to pass Exp Date and CVD via API later ? I will need to add customer to Vault, get permanent token, do VbV/MCSC, AVS, CVD, eFraud
Thanks
Yes, if you'd like you could have the CVD and Expiry date hosted in your own environment. In that case, SAQ-A EP and all its PCI requirements apply.
If you choose to use Moneris Hosted Payment/Tokenization/Vault Page to host and manage all of the card data information, SAQ-A would apply.
In reply to ME_Moneris:
I've found a beautiful solution that allowed me to customize iframe's design and make it user-friendly, let Moneris tokenize everything and kept us PCI compliant.
Using CSS, I made the iframe background transparent, put the credit card image behind it, and using absolute positioning put inputs where I need them. The user won't even know there is an iframe.
Hola at me if you need help
artem at cssmail.net
In reply to Yagga: