Tue Nov 13, 2018 2:23 pm
Hi,
Unfortunately, no, that is not the purpose of the is_pci flag. This flag only determines which pool of systems will be used to execute your application once the call begins. In order to guarantee PCI compliance, you should only send non-PI/PII data to the outbound APIs. The data that is sent to these APIs is NOT in scope for PCI.
After the call begins, your application will be executing in the PCI environment and any data that is then exchanged between our systems and your application servers is in scope for PCI. This gives you full control over the logging of private data and allows you to make sure all data is transmitted using the proper encryption techniques.
Please let us know if you have any further questions.
Regards,
Plum Support