joer80 Posted July 29, 2011

My merchant is asking that I provide them with a PCI-DSS compliance certification from both my host and osCommerce. Is this necessary? How would I contact osCommerce?

germ Posted July 29, 2011

You won't get anything from osC. YOU installed the software - it's your responsibility now.
joer80 Posted July 29, 2011 Author Share Posted July 29, 2011 You won't get anything from osC YOU installed the software - it's your responsibility now. I agree, but what do you tell the merchant? Link to comment Share on other sites More sharing options...

hughesca Posted July 29, 2011

I'd get in contact with the merchant again... it's likely they gave you incorrect info. Our merchant has a 3rd party that runs the PCI compliance checks against the store and reports the findings to them. I'm not aware of any cart software that will offer you any type of PCI compliance certs.

Peace,
Chris

♥toyicebear Posted July 30, 2011

You will need to run a PCI vulnerability scan on your site and then you will have to take care of any software issues while the hosting company should take care of the server/hosting issues.

You can find more info on the PCI Compliance at: www.pcicomplianceguide.org

Ryan Taylor Posted November 1, 2012

The PCI DSS compliance will alert when any unplanned changes are detected for server software using file-integrity monitoring, or firewalls and intrusion protection systems, and any other network device within your 'Compliant Infrastructure'.

MrPhil Posted November 1, 2012

There's no way that osC itself could issue any certificate of compliance. You have the full source and could have done anything to it, including changes that make it extremely vulnerable to hacks. After you install (and probably after any code changes) you would have to pay someone to look at it and make sure it's in compliance.

Frankly, unless your volume is so large that accepting credit cards through a payment gateway/merchant account makes economic sense (and more than offsets the extra costs of PCI-DSS compliance scans), you should use a Third Party payment system (such as PayPal) to process credit cards. The extra costs to go through the PCI-DSS hassle outweigh the higher processing fees until you get pretty big. Note that some PayPal plans have the customer credit card information go through your site (they act as a payment gateway/merchant account, but the customer stays on your site), and you may have to be PCI-DSS compliant in that case.

Archived
This topic is now archived and is closed to further replies.