(noob) PCI Compliance help please...


weezy


Hello Everyone,

 

I'm trying to implement PayPal Website Payments Pro and am having a hard time figuring out the PCI standards. What would I have to do to meet their standards? I know that's a very general question, but I am clueless about the whole PCI Compliance. The only thing I know is that there are serious consequences for not meeting them...so please help! Any help or suggestions would be greatly appreciated! Thanks


Hello Everyone,

 

I'm trying to implement PayPal Website Payments Pro and am having a hard time figuring out the PCI standards. What would I have to do to meet their standards? I know that's a very general question, but I am clueless about the whole PCI Compliance. The only thing I know is that there are serious consequences for not meeting them...so please help! Any help or suggestions would be greatly appreciated! Thanks

 

As a general rule regarding the standard osC, I'd say get a proper SSL certificate and force cookie use.

Some have benefited from the Security Pro contribution also.

I didn't realise that there were any strong restrictions re: PCI from PayPal, although I have seen it for others like Barclays.


...I'm trying to implement PayPal Website Payments Pro and am having a hard time figuring out the PCI standards...

 

1. Basically, PCI (payment cards industry?) compliance is a server issue, not a site issue (if you are on a shared server);

2. it means that the server your site is hosted on must pass the PCI standard, i.e., regular security scans of the server to ensure it is secure and can't be hacked (well, easily);

3. you will need to spend money for specialised companies to do the above;

4. if you collect and store credit/debit card info, which PayPal Website Payments Pro would, on your site and in particular your server, then you are required to pass the PCI audits;

5. the fact that (no offense here) you don't know much about PCI compliance and you are not hiring someone who does to advise you, then chances are your business may not be big enough to bother with it, and you should choose other PayPal payment methods as most of your fellow osC site owners do.

 

Ken

commercial support - unProtected channel, not to be confused with the forum with same name - open to everyone who need some professional help: either PM/email me, or go to my website (URL can be found in my profile).

over 20 years of computer programming experience.


All who collect cc info on their site fall under the PCI compliance rules.

If you also store cc info then the regulations are very strict...

But if you use a payment gateway to store and process the cc info then it's fairly easy to get PCI compliant.

 

More Info...

 

And here is a thread by WoodsWalker where she describes the process she went through to get PCI compliant...


Archived

This topic is now archived and is closed to further replies.
