Securely
capture payment card data from your site using PCI Vault. PCI Vault is a vendor neutral PCI DSS compliant environment designed to reduce your PCI compliance scope to a SAQ by using
credit card tokenization.
Data captured with this plugin will be sent to PCI Vault's DSS compliant environment directly, and will not be present on your own server. This allows you to securely capture and
tokenize credit card data without being PCI DSS compliant.
How it Works
The plugin comes with a short code that loads PCI Vault's own
Payment Card Data (PCD) form, and makes all the necessary requests to the
PCI Vault API in order to get the form working. You can read more on the API side of things
here.
Take note that this includes 2 paid API requests: 1 when the form loads, and 1 when the data is being sent to PCI Vault.
To use this plugin, add your authorisation details, and the user/passphrase for a key, in the PCI Vault Options menu. You can then load the capture form anywhere in your site by using the
pcivault_capture
shortcode.
Shortcode Attributes
All valid short code attributes are imported directly into the javascript that renders the form. The security of these attributes are the responsibility of the site, and not PCI Vault.
Every attribute must be a valid Javascript expression. We recommend to use function calls that return the values you want the attributes to have, this will grant extra flexibility and avoid issues with Wordpress's sanitisation.
The attribute options are:
- success_callback: A JS function to call if the card was successfully stored.
- error_callback: A JS function to call if the card was not successfully stored.
- extra_data: Extra data to store along with the card, must be a valid JS object. This is where using a JS function call really helps.
- show_card: A true/false value on whether or not to show the card on the form.
- disable_luhn: A true/false value on whether to disable validation on all form fields.
- force_keypad: A true/false value on whether to force the user to use a randomised on-screen keypad for entering card numbers. This helps to protect you from key-loggers.
- field_options: A configuration object for specifying which of the form fields to show or validate.
For more information on these fields, please check the documentation for PCI Vault's
Payment Card Data (PCD) form.
PCI Vault
All of the magic behind this plugin happens on PCI Vault's environment.
This plugin sends an authenticated request to PCI Vault, retrieving a
unique capturing endpoint.
This request includes your authentication details, and the key/passphrase pair specified in the PCI Vault Options menu.
This plugin also loads a
hosted PCD form from PCI Vault.
You need to be a customer of PCI Vault for this plugin to work. You can
view our pricing and
register an account.
Also have a look at our
Terms of Service and our
Privacy Policy.