
PCI Compliance

We have chosen a slightly different path for exposing the payments API to FileMaker. The main reason is that we want to stay out of PCI scope entirely. We do this by never allowing credit card or bank account information to pass through our servers.

Like most modern payment processors, Intuit provides a way to do this. The general concept is called tokenization. The client posts the sensitive data, such as the card number, expiry and CVC, directly to Intuit's servers and gets back a token that stands in for that card or bank account. A second request, carrying only the token and the amount, then performs the actual charge or debit. The raw card data is seen by the client and by Intuit, never by anything in between.

Intuit's own API accepts raw credit card or bank account details directly in every request that can result in a charge on a card or a debit of a bank account. We do not. Our charge and debit requests accept a token only; a request that carries card or bank details is rejected rather than forwarded.
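To make the two-step flow and the token-only rule concrete, here is an added example in Python. It is not code from this page or from the plugin, and it does not call Intuit: the tokenizer is an in-memory stand-in for the processor's tokenization endpoint, the `tok_` token format and the request field names are assumptions, and the card number is a constructed, well-known test number. The part worth copying is `validate_charge_request`, which refuses raw card or bank fields and also scans free-text fields for anything that passes a Luhn check, so a card number pasted into a description cannot slip through to our side.

```python
"""Tokenized charge flow, simulated offline.

Added example, not the page's or the plugin's own code. TokenizerSim stands in
for the processor's tokenization endpoint; the token format, field names and
endpoint behaviour are assumptions, not Intuit's API.
"""
import re
import secrets

# Constructed test data; 4111111111111111 is a widely published Visa test number.
SAMPLE_CARD = {"number": "4111111111111111", "expMonth": "12", "expYear": "2030", "cvc": "123"}

# Assumed token shape for this example: "tok_" followed by 24 hex characters.
TOKEN_RE = re.compile(r"^tok_[0-9a-f]{24}$")
# Runs of 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")
# Request keys that would carry raw payment data (assumed names).
FORBIDDEN_KEYS = {"card", "bankAccount", "number", "cvc", "routingNumber", "accountNumber"}


def luhn_ok(digits: str) -> bool:
    """Standard Luhn mod-10 check over a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def contains_pan(text: str) -> bool:
    """True if any digit run in the text looks like a real card number."""
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return True
    return False


class TokenizerSim:
    """Stand-in for the processor. In the real flow the card data goes from
    the client straight to Intuit; this object is the only code here that
    ever sees SAMPLE_CARD."""

    def __init__(self):
        self._vault = {}  # token -> non-sensitive card metadata

    def tokenize(self, card: dict) -> str:
        """Step 1: client posts card data, receives a token."""
        if not luhn_ok(card["number"]):
            raise ValueError("invalid card number")
        token = "tok_" + secrets.token_hex(12)
        self._vault[token] = {"last4": card["number"][-4:],
                              "expMonth": card["expMonth"], "expYear": card["expYear"]}
        return token

    def charge(self, token: str, amount: float) -> dict:
        """Step 2: a charge referencing the token, no card data involved."""
        meta = self._vault.get(token)
        if meta is None:
            raise KeyError("unknown token")
        return {"status": "CAPTURED", "amount": amount, "last4": meta["last4"]}


def validate_charge_request(req: dict) -> bool:
    """Our gate: accept {token, amount, currency, description?} and nothing
    that could carry card or bank details, including smuggled in free text."""
    for key, value in req.items():
        if key in FORBIDDEN_KEYS:
            raise ValueError(f"raw payment data not accepted: field '{key}'")
        if isinstance(value, str) and contains_pan(value):
            raise ValueError(f"field '{key}' contains what looks like a card number")
    if not TOKEN_RE.match(req.get("token", "")):
        raise ValueError("token missing or malformed")
    amount = req.get("amount")
    if not isinstance(amount, (int, float)) or amount <= 0:
        raise ValueError("amount must be a positive number")
    return True


def charge_with_token(processor: TokenizerSim, req: dict) -> dict:
    """What our server does: validate, then forward only the token and amount."""
    validate_charge_request(req)
    return processor.charge(req["token"], req["amount"])


if __name__ == "__main__":
    proc = TokenizerSim()
    token = proc.tokenize(SAMPLE_CARD)  # client -> processor, never via us
    print(charge_with_token(proc, {"token": token, "amount": 12.50, "currency": "USD"}))
    for bad in ({"card": SAMPLE_CARD, "amount": 12.50},
                {"token": token, "amount": 12.50, "description": "card 4111 1111 1111 1111"}):
        try:
            charge_with_token(proc, bad)
        except ValueError as e:
            print("rejected:", e)
```

The Luhn scan is a cheap guard, not a full data-loss-prevention control: it catches accidental pastes of a card number into a note or memo field, which is the common way card data ends up in a database that was never meant to hold it.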

If you want to keep your own solution out of PCI scope, never let credit card numbers or bank account details be saved in it. In FileMaker you can do this by entering card information only into global fields, sending it straight to the processor to obtain a token, and clearing those fields as soon as the token comes back. Keep in mind that "saved" includes anything that ends up on disk: a non-global text field, a note or memo field, a script log, or an export all count. Store the token and the last four digits if you need a reference, and never store the card or bank account data itself. Ever!