PCI Vault Forms

Description

Securely capture payment card data from your site using PCI Vault. PCI Vault is a vendor neutral PCI DSS compliant environment designed to reduce your PCI compliance scope to a SAQ by using credit card tokenization.

Data captured with this plugin will be sent to PCI Vault’s DSS compliant environment directly, and will not be present on your own server. This allows you to securely capture and tokenize credit card data without being PCI DSS compliant.

How it Works

The plugin comes with a short code that loads PCI Vault’s own Payment Card Data (PCD) form, and makes all the necessary requests to the PCI Vault API in order to get the form working. You can read more on the API side of things here.

Take note that this includes 2 paid API requests: 1 when the form loads, and 1 when the data is being sent to PCI Vault.

To use this plugin, add your authorisation details, and the user/passphrase for a key, in the PCI Vault Options menu. You can then load the capture form anywhere in your site by using the pcivault_capture shortcode.

Shortcode Attributes

All valid short code attributes are imported directly into the javascript that renders the form. The security of these attributes are the responsibility of the site, and not PCI Vault.

Every attribute must be a valid Javascript expression. We recommend to use function calls that return the values you want the attributes to have, this will grant extra flexibility and avoid issues with WordPress’s sanitisation.

The attribute options are:

  • success_callback: A JS function to call if the card was successfully stored.
  • error_callback: A JS function to call if the card was not successfully stored.
  • extra_data: Extra data to store along with the card, must be a valid JS object. This is where using a JS function call really helps.
  • show_card: A true/false value on whether or not to show the card on the form.
  • disable_luhn: A true/false value on whether to disable validation on all form fields.
  • force_keypad: A true/false value on whether to force the user to use a randomised on-screen keypad for entering card numbers. This helps to protect you from key-loggers.
  • field_options: A configuration object for specifying which of the form fields to show or validate.

For more information on these fields, please check the documentation for PCI Vault’s Payment Card Data (PCD) form.

PCI Vault

All of the magic behind this plugin happens on PCI Vault’s environment.

This plugin sends an authenticated request to PCI Vault, retrieving a unique capturing endpoint.

This request includes your authentication details, and the key/passphrase pair specified in the PCI Vault Options menu.

This plugin also loads a hosted PCD form from PCI Vault.

You need to be a customer of PCI Vault for this plugin to work. You can view our pricing and register an account.

Also have a look at our Terms of Service and our Privacy Policy.

Screenshots

  • The PCD form.
  • When the user fills in their CVV number, the card flips.
  • The form after the data has been captured.

FAQ

I would like to have additional functionality

This plugin is still in it’s infancy. Your feedback will be much appreciated.

If you need additional functionality in order to use this form, please let us know.

What if I want to capture sensitive data that is not credit card data?

PCI Vault can securely store any JSON formatted data. If you would like to store another type of data, please let us know. We can easily add other types of form to the plugin.

What if I want to see the data I have in the vault?

You can query PCI Vault API directly from your browser.

It is also possible to add query functionality to the plugin. Please let us know if this interests you.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“PCI Vault Forms” is open source software. The following people have contributed to this plugin.

Contributors

Translate “PCI Vault Forms” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.1.3 (2024-10-08)

  • Updated short description

1.1.2 (2024-10-08)

  • Updated documentation to provide more clarity on credit card tokenization
  • Test plugin on WordPress version 6.7

1.1.1 (2023-03-28)

  • Add more default fields to the data stored in the vault
  • Also make stored data available for the js callbacks
  • Test plugin on WordPress version 6.1.1

1.1.0 (2022-12-23)

  • Expand shortcode attributes to give more control over the card form

1.0.2 (2022-08-22)

  • Reduce required WordPress version from 5.7.0 to 4.3.1

1.0.1 (2022-08-22)

  • Reduce required WordPress version from 6.0.1 to 5.7.0

1.0.0 (2022-08-17)

  • Initial version