Web application that need to take payment online, then it has to follow the PCI DSS compliance (Payment Card Industry Data Security Standards). Ensuring that website is secure for taking payment and its not stolen the card data and password by anyone.
There are few point need to implement in application to follow PCI DSS compliance
a). Secure Hosting (Use SSL)
b). Use Latest TLS version of web server
c). Protect Card Data : Use Hosted payment form for any gateway (Not use website payment form)
d). CSRF token use for every request
e). Do not store card data in database : If need to reuse user card information then use token instead of storing card details
f). For reference if storing card data then store in masked format and store only last 4 digit of card number
g). Password Expiration policy
h). Always use strong password encryption algorithm for storing password in DB
i). Prevent XSS in application
There are few point need to implement in application to follow PCI DSS compliance
a). Secure Hosting (Use SSL)
b). Use Latest TLS version of web server
c). Protect Card Data : Use Hosted payment form for any gateway (Not use website payment form)
d). CSRF token use for every request
e). Do not store card data in database : If need to reuse user card information then use token instead of storing card details
f). For reference if storing card data then store in masked format and store only last 4 digit of card number
g). Password Expiration policy
h). Always use strong password encryption algorithm for storing password in DB
i). Prevent XSS in application
