
Visa PA-DSS mandate



Not sure this is the right forum, but wondering how others are meeting the Visa mandate to comply with PA-DSS by 1 July (at least in the US). I got a letter from my merchant account firm today, and I am at a loss as to what needs to be done. Looks like the path of least resistance may be PayPal, but that will require some work as I now use YourPay (or whatever old LinkPoint is called now).


I found CRE Secure, but it does not yet support YourPay. Are there other solutions out there that meet the mandate?


Thanks, Bruce


I take it you mean security aspects of the site, and SSL?

Here is a valuable resource of information, and I would imagine there are more on the forum: http://www.oscommerce.com/forums/topic/313323-how-to-secure-your-site/



Thanks, this is similar, but this DSS mandate relates to how credit card data is handled. My understanding after a day of research and thinking it over is that any system that processes, stores, or transmits credit card information must be compliant and certified, which looks like a hugely expensive proposition. I think this applies to oscommerce, unless credit card input and processing is done at a different site like PayPal. CRE Secure does a similar trick but clones the checkout page so the input looks like it's being done on OSC when actually it is on their server.


Any insight into this?


PayPal Pro is probably OK for this; you do not actually handle the credit card or ever see the numbers and details, but it is processed on your site and transmitted via secure connection.




Just to close the loop on this, I spoke with my merchant account holder (Moneris Solutions), who told me that for a small business like me (Level 4 by PCI standards), as long as my site does not store cc data and my gateway is PCI certified and does not allow me or anyone else access to cc data, they are happy and I have a clean bill of health. No submission or scans needed. It is their discretion at that level on the steps required.


I confirmed that First Data Virtual Terminal (Linkpoint Connect or YourPay) does indeed meet these conditions, and I took the extra step of looking at my database; no cc data there either.


This is a big load off; I was worried I was going to have to switch to PayPal or go to yet another third party like CRE to solve this. Turned out to be easier than I thought.




This topic is now archived and is closed to further replies.
