Guest StrongBox, posted April 30, 2010

As of July 2010, business owners who fail to adhere to PCI Compliance standards are risking up to $500,000 in fines. Many businesses rely on encryption to protect sensitive data, but where most fail and expose vulnerabilities is in the management of that information. Without the necessary tools in place to manage that encryption, business owners are opening themselves up to major security holes that can have very costly consequences. I would like to start a discussion on what are the most important and useful steps to meet PCI DSS requirements and obtain fraud management solutions.

J

Guest aguser, posted May 5, 2010

CC 4 as it stands is not PCI compliant despite what Devlion say. I have had to make changes to some files to get my site PCI compliant. I hope v5 is PCI compliant out of the box!

Al Brookbanks, posted June 4, 2010

"CC 4 as it stands is not PCI compliant despite what Devlion say."

I just want to add that we do not claim to be PCI compliant anywhere on our site. We are contemplating getting a PA-DSS certificate.

Guest Brivtech, posted June 4, 2010

If you are using an online payment gateway provider, they will already be PCI compliant. As they handle the sensitive payment details, this dissolves you of any responsibility regarding PCI compliance. What you will be responsible for thereafter is customer data under law, in the UK specifically under the Data Protection Act.

The manual payment gateway in CC is not PCI compliant, and if you are using this, you won't meet the compliance. You could potentially make this gateway compliant, but you would need to have PCI compliance testing done, correcting any issues, and both your organisation and hosting would need to be rock solid to pass.

Al Brookbanks, posted June 4, 2010

That's right. We recommend using a hosted payment provider so the card details are not passed through your website. If you use what we describe as a seamless one then your store will need to be certified.