Tags: php, docusignapi, pci-compliance, infusionsoft

DocuSign Connect and PCI compliance?


Ok, so I have set up a DocuSign Connect to a 3rd-party application (Infusionsoft) and have it working great.

They don't natively work together, so I created a PHP script that reads the tabs in the DocuSign envelope and passes them to Infusionsoft, along with a copy of the completed envelope itself.

Now I would like to pass payment info through this as well, as one of the document templates I have in DocuSign is a billing agreement. I have done a test run of this with dummy info and I am able to do this well, BUT I now have to be concerned with PCI compliance on this, right?

I have a dedicated server with a domain that has an SSL certificate, which is hosting the PHP script, which does not store any information. It just passes the DocuSign info (gathered by using DocuSign Connect) and then formats it so it can be accepted by Infusionsoft.

I am a novice programmer, and pretty ignorant regarding the knowledge behind encrypting data or securing a connection. The fact that DocuSign passes the info through an XML file seems not ideal for handling sensitive data (at least I would imagine), and that is something that is out of my control.

So what I am asking is: would it be possible to securely transmit payment info (credit card or bank account) through a DocuSign Connect connection in the type of setup I have? If so, how would I approach it? I am open to hiring a programmer if needed, or getting a different server setup if it were necessary.

I can do this without adding the payment info to the template, and just add it afterwards directly into Infusionsoft to limit my liability, but it would be so much easier if I could do it directly through DocuSign Connect, as it would automate the entire sign-up process.
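
As an added example (not the poster's script, which is not shown on the page), this is the shape a Connect receiver in PHP can take once payment tabs are in play: verify that the message actually came from DocuSign, parse the XML with network fetches and entity expansion disabled, forward only an allow-list of tab labels, and mask anything card-shaped before it can reach a log. The signature header and scheme (X-DocuSign-Signature-1 carrying base64 HMAC-SHA256 over the raw body) are DocuSign's documented Connect HMAC option, which the poster's account may not have enabled; the tab labels, the sample XML, the secret and the Infusionsoft-side field names are constructed for the example.

```php
<?php
// Added example of a hardened DocuSign Connect receiver; not the poster's script.
declare(strict_types=1);

const DS_NS = 'http://www.docusign.net/API/3.0';
// Assumption: the HMAC secret from the account's Connect settings (read from the
// environment in a real deployment, never hard-coded).
const CONNECT_HMAC_KEY = 'replace-with-your-connect-hmac-secret';

// X-DocuSign-Signature-1 is base64(HMAC-SHA256(raw body)); compare in constant time.
function connectSignatureIsValid(string $rawBody, ?string $header, string $key): bool
{
    if ($header === null || $header === '') {
        return false;
    }
    $expected = base64_encode(hash_hmac('sha256', $rawBody, $key, true));
    return hash_equals($expected, $header);
}

// Parse the Connect XML with no network fetches and no entity expansion (no LIBXML_NOENT).
function extractTabs(string $xml): array
{
    $prev = libxml_use_internal_errors(true);
    $doc  = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
    libxml_use_internal_errors($prev);
    if ($doc === false) {
        throw new RuntimeException('Connect payload is not well-formed XML');
    }
    $doc->registerXPathNamespace('d', DS_NS);
    $tabs = [];
    foreach ($doc->xpath('//d:TabStatus') ?: [] as $tab) {
        $t = $tab->children(DS_NS);
        $label = trim((string) $t->TabLabel);
        if ($label !== '') {
            $tabs[$label] = (string) $t->TabValue;
        }
    }
    return $tabs;
}

// Luhn check, used only to recognise card-shaped values so they never reach a log.
function looksLikeCardNumber(string $value): bool
{
    $digits = preg_replace('/\D/', '', $value);
    $len = strlen($digits);
    if ($len < 13 || $len > 19) {
        return false;
    }
    $sum = 0;
    for ($i = 0; $i < $len; $i++) {
        $d = (int) $digits[$len - 1 - $i];
        if ($i % 2 === 1) {
            $d = $d > 4 ? $d * 2 - 9 : $d * 2;
        }
        $sum += $d;
    }
    return $sum % 10 === 0;
}

// Forward only the labels the CRM needs; any tab not on the list (e.g. a card number) is dropped.
function buildForwardPayload(array $tabs, array $allowedLabels): array
{
    return array_intersect_key($tabs, array_flip($allowedLabels));
}

// Keep only the last four digits of anything card-shaped before it is logged.
function maskForLog(array $fields): array
{
    return array_map(
        fn(string $v): string => looksLikeCardNumber($v)
            ? str_repeat('*', max(0, strlen($v) - 4)) . substr($v, -4)
            : $v,
        $fields
    );
}

// Constructed sample in the shape of a Connect XML message; the tab labels are assumptions.
$sampleXml = <<<XML
<?xml version="1.0" encoding="utf-8"?>
<DocuSignEnvelopeInformation xmlns="http://www.docusign.net/API/3.0">
  <EnvelopeStatus><RecipientStatuses><RecipientStatus><TabStatuses>
    <TabStatus><TabType>Custom</TabType><TabLabel>FirstName</TabLabel><TabValue>Ada</TabValue></TabStatus>
    <TabStatus><TabType>Custom</TabType><TabLabel>Email</TabLabel><TabValue>ada@example.com</TabValue></TabStatus>
    <TabStatus><TabType>Custom</TabType><TabLabel>CardNumber</TabLabel><TabValue>4111 1111 1111 1111</TabValue></TabStatus>
  </TabStatuses></RecipientStatus></RecipientStatuses></EnvelopeStatus>
</DocuSignEnvelopeInformation>
XML;

// On the command line use the sample body, signed as DocuSign would sign it;
// behind a web server use the real request body and header.
$isCli = PHP_SAPI === 'cli';
$body  = $isCli ? $sampleXml : (string) file_get_contents('php://input');
$sig   = $isCli ? base64_encode(hash_hmac('sha256', $body, CONNECT_HMAC_KEY, true))
                : ($_SERVER['HTTP_X_DOCUSIGN_SIGNATURE_1'] ?? null);
if (!connectSignatureIsValid($body, $sig, CONNECT_HMAC_KEY)) {
    http_response_code(401);
    exit('bad signature');
}

$tabs    = extractTabs($body);
$payload = buildForwardPayload($tabs, ['FirstName', 'Email']);   // CardNumber deliberately absent
error_log('connect tabs: ' . json_encode(maskForLog($tabs)));    // card value appears as ***************1111
print_r($payload);                                                // only FirstName and Email
```

The allow-list and masking stop a card number from being forwarded or logged by accident, and the HMAC check stops anyone who finds the endpoint URL from injecting envelopes, but none of this takes the server out of PCI scope: as long as the card number arrives in the Connect body, the host that receives it handles cardholder data and is in scope. That is why the question's fallback of keeping payment fields off the template and entering them separately is the lower-liability option.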


Solution

  • Well, Comodo's test turned up a bunch of holes and warnings, with a detailed report of what to fix. I took that in turn to HostGator support, who went ahead and made the appropriate changes to fix the holes. They also reported that there were a bunch of false positives, with supporting documentation.

    So I have to do another test to verify that everything was closed up, and report the false positives. But other than that, it seems like it should all be cleared up.

    I also spoke with DocuSign Support over the phone about this, and they confirmed other companies are doing what I am doing as well, which was reassuring.

    So in short, use Comodo's online scan tool to see what holes you have. Then contact your hosting company to fix the holes. Not a great answer, but I suppose better than nothing.