PCI changes for GET method requests

PCI compliance and security are important to PayTrace. We know they are for you, as well.

Please take action by providing this post to your Information Technology staff or the software provider that is connected to your PayTrace account. Your transaction processing could be impacted.

Throughout the year, PayTrace’s PCI Qualified Security Assessor assists us by sharing the latest PCI updates and detailed information on how we can improve the security of our products and services. It’s part of our efforts to strengthen cardholder security and deliver continual improvements to our gateway.

What is the Issue and when is this happening?

One of the ways on which we’re improving cardholder security is how we accept sensitive information (credit card numbers, CSC, username, passwords) from customers using the HTTP request method, called “GET”, to communicate with PayTrace’s Traditional API.

PayTrace is disabling the acceptance of the GET method request Nov. 29, 2019 as part of our regular PCI compliance efforts.

What is the impact of this issue?

Passing sensitive information with the GET method can expose the sensitive information in a browser history, application logs, or proxy logs.

By PayTrace disabling the acceptance of the GET method, the software, application or integration you use to process your transactions could be impacted.

How can this issue be fixed?

• Update your software, application, or integration to use POST method when communicating with PayTrace’s API.
• Update your software, application, or integration to use the most current REST API.

If you have comments, questions, or concerns please contacts us at 888-806-6545 or at developersupport@paytrace.com.