I’m interested in learning about PCI compliance requirements related to mailed Bill Pay.
Currently, I have a form that is submitted to authorize.net; I do not store credit card information in a database or by any other means.
My question is about ASP.NET ViewState and PostBack values. If the user forgets to enter his name on the form, the form performs a postback and displays a verification message. Then ASP.NET recovers all user input from ViewState. This includes the credit card number they entered. To me, this seems like a violation of PCI compliance. I am not an expert, though, and I'm not sure; if anyone could shed light on this topic, that would be great.
In addition, FYI, in case someone asks a question, the form is sent via SSL, and my viewstate is encrypted.
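A check for what a postback response actually carries back to the browser, as an added example that is not part of the original post: it scans a response body's input values and the base64-decoded `__VIEWSTATE` field for Luhn-valid card numbers. The sample HTML, the field names and the stand-in ViewState bytes are constructed; an encrypted ViewState decodes to opaque bytes, so in that case only the value attributes can be inspected this way.

```python
import base64
import re
from html.parser import HTMLParser

# 13-19 digits, optionally separated by spaces or dashes
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_pans(text):
    """Return digit strings in text that look like card numbers."""
    runs = (re.sub(r"\D", "", m.group()) for m in PAN_RE.finditer(text))
    return [d for d in runs if luhn_ok(d)]

class InputCollector(HTMLParser):
    """Collects name -> value for every <input> element."""
    def __init__(self):
        super().__init__()
        self.fields = {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

def audit_postback(html):
    """Map each input field that carries a card number to where it was found."""
    collector = InputCollector()
    collector.feed(html)
    findings = {}
    for name, value in collector.fields.items():
        if name == "__VIEWSTATE":
            try:
                value = base64.b64decode(value, validate=True).decode("latin-1")
            except ValueError:      # not base64: nothing to inspect
                value = ""
            where = "decoded hidden field"
        else:
            where = "value attribute"
        if find_pans(value):
            findings[name] = where
    return findings

# Constructed sample: hypothetical field names, a well-known test card number,
# and made-up bytes standing in for an unencrypted ViewState payload.
_VS = base64.b64encode(b"\xff\x01\x0f\x05\x104111111111111111").decode()
SAMPLE = (f'<input type="hidden" name="__VIEWSTATE" value="{_VS}" />'
          '<input name="ctl00$txtName" value="" />'
          '<input name="ctl00$txtCardNumber" value="4111 1111 1111 1111" />')
```

Run `audit_postback` over the response body captured after a failed validation postback; an empty result means no Luhn-valid number was found in any input value or in a decodable `__VIEWSTATE`.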