bpmcclure Posted June 15, 2010

Not sure this is the right forum, but wondering how others are meeting the Visa mandate to comply with PA-DSS by 1 July (at least in the US). I got a letter from my merchant account firm today, and I am at a loss as to what needs to be done.

Looks like the path of least resistance may be PayPal, but that will require some work as I now use YourPay (or whatever old LinkPoint is called now). I found CRE Secure, but it does not yet support YourPay. Are there other solutions out there that meet the mandate?

Thanks,
Bruce

FIMBLE Posted June 16, 2010

I take it you mean security aspects of the site, and SSL? Here is a valuable resource of information, and I would imagine there are more on the forum:

http://www.oscommerce.com/forums/topic/313323-how-to-secure-your-site/

Nic

Sometimes you're the dog and sometimes the lamp post

bpmcclure (Author) Posted June 16, 2010

> I take it you mean security aspects of the site, and SSL? Here is a valuable resource of information, and I would imagine there are more on the forum:
> http://www.oscommerce.com/forums/topic/313323-how-to-secure-your-site/
> Nic

Thanks, this is similar, but this DSS mandate relates to how credit card data is handled. My understanding after a day of research and thinking it over is that any system that processes, stores, or transmits credit card information must be compliant and certified, which looks like a hugely expensive proposition.

I think this applies to oscommerce, unless credit card input and processing is done at a different site like PayPal. CRE Secure does a similar trick but clones the checkout page so the input looks like it's being done on OSC when actually it is on their server. Any insight into this?

FIMBLE Posted June 16, 2010

PayPal Pro is probably OK for this; you do not actually handle the credit card or ever see the numbers and details, but it is processed on your site and transmitted via secure connection.

Nic

bpmcclure (Author) Posted June 22, 2010

> PayPal Pro is probably OK for this; you do not actually handle the credit card or ever see the numbers and details, but it is processed on your site and transmitted via secure connection.
> Nic

Just to close the loop on this, I spoke with my merchant account holder (Moneris Solutions), who told me that for a small business like me (Level 4 by PCI standards), as long as my site does not store cc data and my gateway is PCI certified and does not allow me or anyone else access to cc data, they are happy and I have a clean bill of health. No submission or scans needed. It is their discretion at that level on the steps required.

I confirmed that First Data Virtual Terminal (Linkpoint Connect or YourPay) does indeed meet these conditions, and I took the extra step of looking at my database; no cc data there either.

This is a big load off; I was worried I was going to have to switch to PayPal or go to yet another third party like CRE to solve this. Turned out to be easier than I thought.

Alex-Ulsk Posted August 19, 2010

> I was worried I was going to have to switch to PayPal

a situation exactly as in this YouTube video -

Archived
This topic is now archived and is closed to further replies.