The site uses cookies to work. Please confirm acceptance of this information
OKRegistration of compliance with the requirements of PCIDSS (Payment Card Industry Data Security Standard) is a mandatory procedure for everyone who somehow deals with the processing of payment card data. In most cases, the lack of certification not only creates risks, but makes accepting online payments virtually impossible.
PCIDSS is mandatory for all organizations that:
Formally, any company involved in card payment processes is subject to the industry data security standard. The presence or absence of its own processing does not matter: the very fact of accessing payment card data is important.
There are four levels of merchants according to the PCIDSS standard, depending on the annual volume of transactions:
The lack of PCIDSS certification is:
That is why the design of PCIDSS becomes not a desire "for show", but a necessity. — especially in competitive areas, where abandoning bank acquiring means direct losses.
The decision to "do certification later" often ends up having to urgently refine the infrastructure, wasting time and money. Banks increasingly require confirmation of compliance with PCI DSS requirements already at the stage of opening an account or acquiring an account. Without this, it is impossible to get a merchant ID or start accepting payments through Visa, Mastercard, and American Express systems.
A common mistake for beginners of eCommerce and fintech services is underestimating the role of the Payment Card Industry Data Security Standard: "we have only the first version of the project so far, it`s too early to think about documentation and audits". However, later, when trying to scale, it turns out that the system does not meet the basic technical requirements of data protection. This leads to urgent rework and doubled costs.
If customer data is already being processed, you are formally responsible for protecting it. This cannot be avoided, even with a small volume of operations.
PCIDSS registration is not just about "signing an act". This is a whole cycle of work, including the technical, regulatory and organizational adaptation of the company to the requirements of the payment card industry data security standard. This is how it looks in stages:
Infrastructure audit
The first step is to define the boundaries of the system in which payment card data circulates or may potentially circulate. This includes:
The audit is conducted either by internal specialists trained in PCI DSS standard or by external consultants. As a result, a data map is generated. — it defines the scope of control and the area of responsibility.
Gap analysis
Based on the PCIDSS standards, the existing state of the infrastructure is compared with the requirements of the standard., identification of gaps and ranking of vulnerabilities by criticality.
Corrective measures and implementation
After the analysis, a route plan of amendments is developed and implemented:
Each change is recorded in the configuration and described in the auditor`s future reports.
Testing
It includes mandatory procedures:
Without testing, it is impossible to prove the control of technical measures. The scan must take place over networks that interact with card data.
Reporting and documentation
At the final stage, a complete package is formed.:
Getting certified
After the final verification and approval of the documentation, the certification is considered completed. Depending on the trading level, it is confirmed by QSA (Qualified Security Assessor) auditors or a SAQ questionnaire is completed if all supporting documents are available. Banks and systems (Visa, Mastercard, American Express) accept certification as the basis for the system`s admission to card transactions.
The main difficulty in obtaining PCIDSS compliance is not the verification itself, but the preparation for it. Most companies are faced with the fact that the requirements of security standards contradict the current architecture, business logic or processes. Here, even a minor mistake is worth losing deadlines or refusing approval by the auditor.
We have set up the process so that we can get the company through certification as quickly and painlessly as possible. How?
Audit before the start of the project
Even before signing the contract, we carry out a technical screening of the infrastructure.:
This gives the client a real understanding of what is ahead and allows them to calculate the budget in advance. If the infrastructure already meets PCI DSS payment card industry requirements — we immediately switch to SAQ/ROC and save time.
Individual route maps for each platform
Our experts have developed route maps for dozens of popular architectures:
Thanks to this, we don`t "guess" how to structure incoming and outgoing traffic. — We know exactly how your system works and what is required to comply with the DSS payment card industry.
Support of interaction with the bank
We provide full support to the client:
This is critical when opening merchant accounts or entering new markets.
Minimizing time due to a clear structure
The speed of the passage depends on how systematically the work is structured. We have it debugged:
Clear result and without risks
We do not promise abstract “compliance with the payment card industry security standard". We give the client:
Need to make a payment quickly? In your personal account, you can instantly issue an invoice for payment in any of the cryptocurrencies offered by the service for the required amount. After the customer pays the bill, the funds will be credited to your account within a few minutes.
After paying the client`s bill, the daily messages will be published on your website within a few minutes.
Thank you for your interest in our solutions. Fill out the form and we will contact you soon to discuss the right solution for your business.
You will be contacted as soon as possible.
System requirements:- Wordpress version - from 3.8- WooCommerce version - from 2.0- PHP version - from 7.0
Installation:1. The contents of the archive should be placed in the Wordpress plugins folder (by default - {site root} / wp-content / plugins /)2. Go to the site admin section (/wp-admin/) and activate the "WooCommerce - Wallex" plugin 3. Go to the section "WooCommerce" - "Settings" - "Checkout"4. At the bottom of the page, in the "Payment gateways" section, click the "Settings" button opposite "Wallex Payments"5. Enter your seller`s details.
System requirements:- OpenCart version - from 3.0- PHP version - from 7.0
Installation: 1. Copy the admin and catalog folders to the root of the site 2. Go to the admin panel of the site 3. Select the menu "Add-ons" -> "Payment"
* The CNC must be configured for each language separately 10. Add the received link (https: // my-site / response) to your Wallex account “My Store” -> “Settings" -> “Successful redirection” Received link (https: // my-site / response)
System requirements:- Joomla version - from 3.0- Virtuemart version - from 3.0- PHP version - from 7.0
Installation:1. To install the payment acceptance module, you must download the archive from your Wallex account.2. Install via the module installer in the admin panel (Extensions -> extension manager -> Download package file, etc.)3. In the module management menu, activate the plugin (Extensions -> Extension Manager -> Management)4. Then go to the Virtuemart admin page and go to: Components->Virtuemart->Payment Methods->Add a payment method)5. Fill in the first tab and click "Save"6. Go to the "Configuration" tab (Settings)7. Fill in the fields and click "Save" (for further configuration, remember the value of the cid[] parameter from the address bar)
Set up links in your Wallex account - My Store-Settings1. Successful URL - https://joomla.retailcrm.club/index.php/compomemt/com_virtuemart 2. Callback - https://joomla.retailcrm.club/index.php?option=com_virtuemart&view=pluginresponse&task=pluginnotification&tmpl=component&pm = X (insert the value from step 8 instead of X at the end)3. Unsuccessful - https://joomla.retailcrm.club/index.php?option=com_virtuemart&view=pluginresponse&task=pluginUserPaymentCancel&pm = X (insert the value from step 8 instead of X at the end)
System requirements:- Drupal version - from 7.x- Commerce version - from 1.15- PHP version - from 7.1 - 7.4
Installation:Unpack the archive “{your_site}/admin/modules/install"Log in to the admin panel and install -> “COMMERCE (PAYMENT) WALLEX". Click Save.Set up the WALLEX payment gateway.. drupal payment gateway settings: drupal commerce & ubercartEnter the data from your personal account.Drupal commerce payment Gateway SettingsThe Drupal payment gateway from WALLEX allows you to automate the process of accepting payments from electronic wallets and any bank cards.
System requirements:- PHP version - from 7.2
Installation:The contents of the repository should be placed in the root directory of the site#After that, you need to:Go to the administrative part of the online store.Go to the "Payment Systems" page ("Store" - > "Store Settings" ->; "Payment systems")Click on the "Add payment system" buttonFill in the general information about the payment system.Go to the appropriate tab ("Individuals" or "Legal entities") and fill in all the necessary informationmake the payment system active and click "Save"Enter the links from the list below in the seller`s settings.callback URLhttp://ваш домен/bitrix/tools/wallex_result.php Successful redirectionhttp://ваш domain/personal/orders/Cancel redirectionhttp://ваш домен/bitrix/tools/wallex_fail.php
After your company has passed moderation, you can start receiving funds using the payment form. The link to the payment form is available in the company information and has the format https://wallex.zone/widget /{id}, where {id} is the digital identifier of your seller. In order for the form to work correctly and open, you must send the URL to the client, specifying in the request a set of parameters described below. The best way is to format the sending parameters using a POST request. This can be done using javascript or in a hidden form, although this form will also work if the parameters are simply sent by the GET method. But this method is not considered safe
Description of payment form parameters
client - client`s email address
product - Purpose or payment or product name
price - The price for one unit multiplied by 100 (if the price is 110.55 euros, this value will be 11055)
quantity - Quantity, if greater than 1, then the final amount will be equal to quantity*price
currency - Cryptocurrency code for payment (for example, usdt)
fiat_currency - The code of the fiat currency (rub, kzt, try) for payment, by default - rub
uuid is a unique payment number in our system. If you don`t use identifiers, just set a random value in this parameter
language - Transaction language, by default - ru
message - A short message to the user will be sent by email when paying
description - A brief description of the service, will be shown in the payment form
card_number - The card number of the payee (Used only for acquiring), the field is optional
sign is a digital signature of the data, a sha1 cache string consisting of the specification of all request parameters and your SECRET KEY:
sha1(client+product+price+quantity+currency+fiat_currency+uuid+language+message+description+card_number+SecretKey)
$link = 'https://wallex.zone/widget/69?data='.base64_encode(http_build_query([ 'client'=>'test@test.ru', 'product'=>'product', 'price'=>300*100, 'quantity'=>1, 'currency'=>'usdt', 'fiat_currency'=>'rub', 'uuid' => '1234qqqq', 'language' => 'ru', 'description' => 'test', 'sign' => sha1('test@test.ru'.'product'.(300*100).'1'.'usdt'.'rub'.'1234qqqq'.'ru'.'test'.'SECRET KEY') ]));
As soon as the funds are credited to your account, our system sends a POST request to the specified URL callback link. The request contains the following set of parameters:
status - success for successful payment, fail for cancellationclient - client`s email
currency - Payment currencyamount - Amount of funds transferred
uuid - the uuid that you sent when initializing the form
commission - payment service commission
product - Purpose of payment or, product name
sign is a digital signature of the data, a shal cache string consisting of the specification of all request parameters and your SECRET KEY:.sha1(status+client+currency+amount+uuid+commission+product+SecretKey)To accept payments in cryptocurrency, the link parameters remain the same, the amount in the price parameter is transmitted in the currency specified in fiat_currency. Our system itself will recalculate the equivalent in the cryptocurrency passed in the currency parameter. At the moment, payments are accepted in ETHEREUM, BITCOIN and USDT (eth, btc, usdt).
To create a payout, you need to send a request to the URL https://wallex.zone/payout/new containing a serialized json object in the body, with the following set of parameters:
composer require sq-dev/wallex-sdkuse Wallex\Widget;
$widget = new Widget(1, "secret_key");
$url = $widget->cretePayment(
"client@mail.ru",
"Xiaomi 9T",
1000,
1,
"Hello thanks for order",
"Xiaomi 9T",
"USDT",
"rub",
"ru"
); // Returns payment url
use Wallex\Webhook;
$payment = new Webhook($_POST);
if ($payment->isVerified("secret_key") && $payment->isSuccess()) {
// Payment success logic
//F.e:
$client = $payment->getClient(); // Get client email
User::where("email", $client)
->update(["balance" => $payment->getAmount()]);
}
use Wallex\Payout;
$payout= new Payout($MerchantId, $SecretKey);
$payout->cryptoPay($address, $amount, $currency);