
We use a custom developed open-source e-commerce software. We are SAQ D and I am trying to figure out which of these requirements applies to our cart if:

  1. We aren't storing credit card information
  2. We transmit credit card information from the user to our server via TLS 1.2 and from our server to the payment gateway via TLS 1.2

I understand there is a boatload of networking, hosting, and process requirements that need to be met, but what specifically is required of a custom shopping cart?

dubloons
  • My understanding is that SAQ C is not ever applicable to ecommerce merchants: https://www.mwrinfosecurity.com/our-thinking/pci-compliance-which-saq-is-right-for-me/ – dubloons Mar 03 '16 at 05:00

0 Answers