Zoho Backstage - PCI Compliance / Web Security
I have a couple of questions related to Backstage and payment processing....
1. my purchasing division is not giving approval to use Backstage yet because of some security issues. In order for us to take payments via a payment gateway like Authorize.net or others--the entire website that is built needs to be PCI dss compliant. However, documentation shows that only the Zoho Finance products are complainant. Even if Backstage doesn't accept payments--the third party (authorize.net) does--the website in which the transaction begins needs to be secure to ensure it is not hacked and redirect the person making the payments. Can anyone provide further information on this? What is the security of the website/app for the event? Has a SAQ-D-SP been completed?
2. Does Zoho Backstage have an option to use their own merchant account to collect payment in the company name, in their back accounts, and then send the client a check or electronic transfer on a regular basis? This would avoid the PCI compliance issue as Zoho would be completing the transactions.