skipunda, posted March 10, 2009

So, I have to register our website on behalf of the business to be PCI compliant. In short, PCI means that the originating business is indemnified against virtual fraudulent activity. I'm not talking about a boy with a stolen card but a boy with a computer sitting on a virtual gateway between you and your merchant bank (where your money goes). All businesses should have PCI compliance, else they will be billed the total amount $$$ hacked by the aforementioned boy/girl.

If you take a look at the following site you will get a brief summary of each aspect you must be able to check in order to 'comply'. http://corporate.ticketnetwork.com/pci-compliance.aspx

Now my question: How does one go about being compliant? What technology is required, e.g. SSL etc.?

My site's vital info:

- Version is running osCommerce 2.2-MS2
- No card information is entered on the site
- Only details of customer addresses are stored on the site
- We do not have SSL
- No data whatsoever is passed back to our site from our bank except whether it was a success or error. If success, the order is processed, declined is deleted etc.
- We take what I would consider a medium amount of transactions

So, what are your thoughts on this? Have any osCommerce sites been certified? If so, how?

skipunda, posted March 10, 2009

Just to follow this up: because all my card details are actually entered into our banking system and are not passed (or parsed) or held in our local databases, we do not technically have to put osCommerce as our Point of Sale platform. We can select our banking CPI instead. Just in case anyone else stumbles across this.

♥toyicebear, posted March 10, 2009

As long as no card info is entered on your site, then you are not required to be PCI compliant. If the card information is in any way entered, transmitted or passed on/through your site then you are required to be PCI compliant.

Example 1. You use PayPal Standard as your only payment method, the customer is redirected to the PayPal server and enters their payment information there... You are not required to be PCI compliant.

Example 2. You are using PayPal Pro as your payment method, the customer inputs their credit card info on your site while the details are actually transmitted through to PayPal in the background, then you will need to be PCI compliant.

web-project, posted March 10, 2009

> As long as no card info is entered on your site, then you are not required to be PCI compliant.

What about if the payment details are collected and stored in an encrypted way?

P.S. I do research on how to provide hosting that is PCI compliant. I know how to create a very secure environment for an osCommerce store.

♥toyicebear, posted March 10, 2009

> What about if the payment details are collected and stored in an encrypted way? P.S. I do research on how to provide hosting that is PCI compliant. I know how to create a very secure environment for an osCommerce store.

Does not matter that much, encryption is just a small part of PCI compliance.... The server environment, physical access to server, physical access logs, data access logs and much more also come into account.

DriWashSolutions, posted May 8, 2009 (edited May 8, 2009)

> Does not matter that much, encryption is just a small part of PCI compliance.... The server environment, physical access to server, physical access logs, data access logs and much more also come into account.

One of the issues that I'm having is that the login script needs to be on https: rather than http: - I searched the contribs, but don't see anything for a secure login box. How is everyone getting by with this issue?

John Skurka

♥toyicebear, posted May 8, 2009

> One of the issues that I'm having is that the login script needs to be on https: rather than http: - I searched the contribs, but don't see anything for a secure login box. How is everyone getting by with this issue?

If the login box is set up correctly the form is called via https. (Provided that your osCommerce installation is configured to use SSL.)