
CRE Secure Payments

Credit Card Security 2.0 and PCI Compliance


As PCI compliance shines a light on security around credit card data, much of the online ecommerce world has been left to the status quo. Many feel they are safe using a standard gateway or getting PCI ASV scans. However, if you take credit cards in your store and communicate server to server, your site and server are a target for hackers to access that card data while it is in memory.

Given the insecure nature of inexpensive hosting and the security risks inherent in legacy PHP-based applications, it becomes apparent that the only real affordable way to secure credit card data is to not handle it.

Look for payment solutions that offer hosted payment forms or hosted payment pages, and also ones that work with multiple gateways.

Another thing to look for is ease of integration and how they handle branding and customization of the payment page.

Getting hacked and losing credit card data costs you in customer confidence, and now, with PCI compliance regulations, a hack will result in being treated as a Level 1 merchant, which requires that your company go through an expensive third-party audit, as well as fines for the breach.

What are you doing to protect your customers' card data? What payment gateways do you use? What do you like or dislike about the customer experience or integrations?

I look forward to the discussion.


Best Regards


Greg McGraw, CEO

CRE Secure


I suppose this is nothing new. There have been many informed discussions on the osC forums, e.g., in the General topic section. Many who frequent the forum should by now have known that if you want to be cool and allow customers to enter their card details while still on your website, then PCI requires you (server & website) to meet the requirements of the so-called PCI DSS. Otherwise PCI DSS is irrelevant, whatever payment gateway/services you use, as long as the banks are happy with them, because the burden of passing the PCI DSS tests will shift from you to the payment service, e.g., PayPal.

Being cool comes with a price: you will need a dedicated server or, in some cases, a VPS, as no host would be able or willing to take on the PCI DSS tests on a shared server.

Ken


Commercial support - unProtected channel, not to be confused with the forum of the same name - open to everyone who needs some professional help: either PM/email me, or go to my website (URL can be found in my profile).

Over 20 years of computer programming experience.
