2Checkout PCI compliance
A client approached me asking how to achieve PCI compliance with 2checkout.com for his WooCommerce store using Trexle. Luckily, I have had an established 2checkout account since 2005, and I have an active subscription at Trexle (I had to pay for it even though I am the founder!), so getting to the solution didn't even take minutes.
First of all, I had to get my 2checkout API keys by logging into 2checkout.com and clicking the API link.
Then, on trexle.com itself, I logged into the dashboard, navigated to the payment gateways tab as shown below, selected 2checkout.com from the drop-down menu, and entered my 2checkout publishable and private API keys respectively.
After adding the 2checkout gateway, the green Activate button indicates the currently active gateway for my own account: Stripe. I have to click the orange Activate button beside the 2checkout gateway to make it live. Finally, I made a demo installation on demo.trexle.com/wordpress/shop, installed WooTrexle (the Trexle extension for WooCommerce), and configured it according to the instructions on the 2checkout WooCommerce integration page. Here is how the checkout page looked.
After clicking Place Order, what happened in the background was that the credit card data I entered (a test card provided by 2checkout) was tokenized by trexle.js in the customer's browser (mine, in this example), sent to Trexle servers, forwarded to 2checkout servers, and then returned to me as a meaningless token representing the provided credit card data. All of this happened without the actual credit card data touching the merchant's demo.trexle.com servers. Since the token is stored on the merchant server, the merchant can reuse it later, for example to collect recurring payments.
The result? 100% PCI compliance for the demo merchant store. You can see that the test payment order actually worked, and furthermore you can see the API calls made on the 2checkout.com dashboard. And I can tell you that in the end my client was really happy. The funny thing is that the actual process takes less time than you needed to read this.
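The setup above depends on raw card data never reaching the merchant server. One way to check that on the merchant side, as an added example that is not Trexle's or WooTrexle's own code, is a guard that accepts a checkout request only when it carries a token and no card-number-like value. The field names (`card_token`, `card_number` and so on) and the sample requests are assumptions constructed for illustration.

```javascript
// Added example: field names are hypothetical, not WooTrexle's real form fields.

// Luhn checksum: true when the digit string is a plausible card number.
function luhnValid(digits) {
  let sum = 0;
  let dbl = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (dbl) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    dbl = !dbl;
  }
  return sum % 10 === 0;
}

// Find runs of 13-19 digits (spaces or dashes allowed between them) that pass Luhn.
function containsPan(value) {
  const candidates = String(value).match(/\d(?:[ -]?\d){12,18}/g) || [];
  return candidates.some((c) => luhnValid(c.replace(/[ -]/g, "")));
}

// Inspect a parsed checkout POST body on the merchant server. Returns { ok, reason }.
function checkCheckoutBody(body) {
  const forbidden = ["card_number", "cvv", "cvc", "card_expiry"]; // hypothetical names
  for (const [key, value] of Object.entries(body)) {
    if (forbidden.includes(key.toLowerCase())) {
      return { ok: false, reason: `raw card field present: ${key}` };
    }
    if (containsPan(value)) {
      return { ok: false, reason: `card-number-like value in field: ${key}` };
    }
  }
  if (!body.card_token) {
    return { ok: false, reason: "missing card_token" };
  }
  return { ok: true, reason: "token only" };
}

// Constructed sample requests; 4111 1111 1111 1111 is a widely used test number.
const tokenized = { card_token: "tok_constructed_abc123", billing_name: "Test Buyer" };
const leaking = { card_token: "tok_constructed_abc123", note: "4111 1111 1111 1111" };
```

Run against real traffic in log-only mode first, since order notes or phone fields can occasionally contain digit runs that pass the Luhn check.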