
How to submit credit card info to a separate server/website (PCI)

My company has a website/service that stores/processes credit cards and is PCI compliant (Site A). We also have websites with storefronts that need to submit credit card data to that site for processing (Site B). When someone orders something on Site B, and enters their billing information, how do I submit that information to Site A and remain PCI compliant?

Obviously they're on a secure page on Site B, when they are entering their billing details.

Can I just post the form to a secure page on Site A from a secure page on Site B? Do I need to encrypt the credit card during this transaction? Obviously it is stored in some sort of encrypted state, but does it need to be encrypted during the submit transaction?

Do I need to set up some sort of handshake between the websites, like a secret key? If so, what would be a secure way to create that key/handshake?

We've been reading and reading about PCI compliance trying to find concrete answers, but it seems kind of subjective, and obscure what we are supposed to be doing.


In short, the PCI-DSS states that credit card information must never be in plain text. That being said, you should whip up your own protocol for this. HTTPS is a great solution.


Site B is in your PCI scope as long as the CC data are there even for a nanosecond.

If you want them out, think of a way of bringing up a secure page from A when paying, and then notify B only about the result, with no CC details disclosed.

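The pattern in the second answer (the customer pays on a page hosted by Site A, and Site A then tells Site B only the outcome) as an added example that is not from either poster: Site A signs the result notification with a shared secret and Site B verifies it before marking the order paid. The field names, the secret and the 5-minute freshness window are assumptions; the point is that nothing card-related ever crosses into Site B.

```python
import hmac, hashlib, json, secrets, time

# Assumption: secret generated once (e.g. secrets.token_hex(32)) and provisioned
# out-of-band into both sites' secret stores, never embedded in the storefront page.
SHARED_SECRET = b"constructed-demo-secret-do-not-reuse"

# Result notifications carry only these fields: no PAN, CVV or expiry date.
ALLOWED_FIELDS = {"order_id", "status", "amount", "currency", "timestamp", "nonce"}
MAX_AGE_SECONDS = 300  # reject stale notifications (assumed window)


def canonical(payload: dict) -> bytes:
    """Deterministic serialization so both sites sign exactly the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_result(payload: dict, secret: bytes = SHARED_SECRET) -> str:
    """Site A: HMAC-SHA256 over the canonical result notification."""
    return hmac.new(secret, canonical(payload), hashlib.sha256).hexdigest()


def build_notification(order_id, status, amount, currency, now=None):
    """Site A: build and sign the result message sent back to Site B."""
    ts = int(time.time() if now is None else now)
    payload = {"order_id": order_id, "status": status, "amount": amount,
               "currency": currency, "timestamp": ts, "nonce": secrets.token_hex(16)}
    return payload, sign_result(payload)


def verify_notification(payload, signature, seen_nonces, now=None, secret=SHARED_SECRET):
    """Site B: accept only well-formed, fresh, unreplayed, correctly signed results."""
    if set(payload) != ALLOWED_FIELDS:       # unknown or card-holder fields: refuse
        return False
    current = time.time() if now is None else now
    if abs(current - payload["timestamp"]) > MAX_AGE_SECONDS:
        return False                          # too old (or clock skew beyond the window)
    if payload["nonce"] in seen_nonces:
        return False                          # replayed notification
    expected = sign_result(payload, secret)
    if not hmac.compare_digest(expected, signature):
        return False                          # tampered or forged
    seen_nonces.add(payload["nonce"])
    return True
```

Site B still needs TLS on the callback endpoint and should look up the order by `order_id` rather than trusting any amount it did not itself quote to Site A.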
