PCI compliance

[Guest StrongBox]

As of July 2010, business owners who fail to adhere to PCI Compliance standards are risking up to $500,000 in fines.

Many businesses rely on encryption to protect sensitive data, but where most fail and expose vulnerabilities is in the management of that information. Without the necessary tools in place to manage that encryption, business owners are opening themselves up to major security holes that can have very costly consequences.

I would like to start a discussion on what are the most important and useful steps to meet PCI DSS requirements and obtain fraud management solutions.

J

[Guest aguser]

CC 4 as it stands is not PCI compliant despite what Devlion say. I have had to make changes to some files to get my site PCI compliant.

I hope v5 is PCI compliant out of the box !

[Al Brookbanks]

CC 4 as it stands is not PCI compliant despite what Devlion say.

I just want to add that we do not claim to be PCI compliant anywhere on our site. We are contemplating getting a PA-DSS certificate.

[Guest Brivtech]

If you are using an online payment gateway provider, they will already be PCI compliant.

As they handle the sensitive payment details, this dissolves you of any responsibility regarding PCI compliance. What you will be responsible for therafter is customer data under law, in the UK specifically under the Data Protection Act.

The manual payment gateway in CC is not PCI compliant, and if you are using this, you won't meet the compliance. You could potentially make this gateway compliant, but you would need to have PCI compliance testing done, correcting any issues, and both your organisation and hosting would need to be rock solid to pass.

[Al Brookbanks]

That's right. We recommend using a hosted payment provider so the card details are not passed through your website. If you use what we describe as a seamless one then your store will need to be certified.