

PCI-DSS compliant 3-D Secure open-source bare-minimum isolated component - JoelJacobson
https://github.com/joelonsql/pci-blackbox/blob/master/EXAMPLE.md

======
JoelJacobson
This is inspired by what the tech guys at Skype did. They didn't want to go
through the enormous hassle of PCI-ing their entire business, so they put all
the card stuff in a separate server room in a separate software component,
which they made PCI-compliant, totally isolated from their main system.

If you _really_ need to deal with card numbers, then it might be a good idea
to put as little code as possible in a small component which you isolate and
separate from your other system components.

This code has not yet been put into production; we want to get some feedback
first.

It's a bit like Spreedly, except there is only one PSP supported so far,
Adyen, and the code is open-sourced, and the card numbers are encrypted with a
key that is not stored in the pci-blackbox; instead it is returned to the
caller, meaning there is no way to decrypt the card data if someone were to
hack into the pci-blackbox, except for new card numbers sniffed after the
intrusion.
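
The design described in the post above, where the encryption key is returned to the caller and never kept in the isolated component, as an added Go example that is not part of the original post and not code from the pci-blackbox repository. The `Blackbox` type, the `StoreCard`/`LoadCard` names, the choice of AES-256-GCM and the in-memory map are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Blackbox (hypothetical name) persists ciphertext only, never the per-card key.
type Blackbox struct{ store map[string][]byte }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// StoreCard encrypts pan under a fresh random key and returns that key to the caller.
func (b *Blackbox) StoreCard(id, pan string) ([]byte, error) {
	buf := make([]byte, 32+12) // AES-256 key, then the standard 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32:32], buf[32:]
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	// Record = nonce || ciphertext; the id is authenticated so records cannot be swapped.
	b.store[id] = aead.Seal(nonce, nonce, []byte(pan), []byte(id))
	return key, nil
}

// LoadCard decrypts only when the caller presents the key it was given.
func (b *Blackbox) LoadCard(id string, key []byte) (string, error) {
	rec, ok := b.store[id]
	aead, err := newGCM(key)
	if !ok || err != nil {
		return "", fmt.Errorf("no record or bad key length for %q", id)
	}
	pan, err := aead.Open(nil, rec[:12], rec[12:], []byte(id))
	return string(pan), err
}

func main() {
	bb := &Blackbox{store: map[string][]byte{}}
	key, _ := bb.StoreCard("card-1", "4111111111111111") // constructed test PAN
	fmt.Println(bb.LoadCard("card-1", key))
}
```

A dump of `store` yields only nonces and ciphertext; the caller's system now holds the keys, so it becomes the place where key handling has to be protected.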

