
osCommerce

The e-commerce.

PCI test failed. <please help me out>


younmever


Posted

Hello forum members,

I'm having a very difficult time with the PCI compliance test.

Please help me out.

First of all, I have failed the test.

My hosting company told me to upgrade to a dedicated server which costs $180 a month (30 times more than what I'm paying now).

A friend of mine has recommended a person who develops web sites, who told me that she can rebuild the site using another program on another host because osCommerce is too vulnerable to pass the test.

I wonder, why don't I move the site to another hosting company that has a reasonable VPS instead of an expensive dedicated server?

I have absolutely no idea about the PCI test.

Could anyone point me in the right direction in this mess, please?

Thank you

Posted

Search this forum for discussion on PCI and PCI-DSS. If you are accepting credit cards through a payment gateway and merchant account, there are now very strict security rules in place to cut down on credit card fraud, identity theft, and other fun things. Supposedly, shared servers can pass the audits, but it's very complicated and expensive to do. VPS and dedicated are supposed to be less of a problem to pass the audit, but are of course much more expensive.

 

Why don't you think about switching over to a Third Party payment system, such as PayPal and the like? They take care of all the security hassles, as you never see or handle the customer's credit card information. There are some plans that don't require your customer to have an account with the payment company, so they can use it like they do your current payment system.

Posted
VPS and dedicated are supposed to be less of a problem to pass the audit, but are of course much more expensive.

Correct way to go, but still some hosts offer very secure hosting. I can say the easiest way to go is using the 2checkout payment provider.

Please read this line: Do you want to find all the answers to your questions? click here. As for contribution database it's located here!

8 people out of 10 don't bother to read installation manuals. I can recommend: if you can't read the installation manual, don't bother to install any contribution yourself.

Before installing a contribution or editing/updating/deleting any files, do a full backup; it will save you & everyone here on the forum time to fix your issues.

Any issues with oscommerce, I am here to help you.

Posted

Sorry to come back so late, guys,

Mrphil, thank you for your advice. I've never thought of a third party. I'm currently using Authorize.net as the gateway and a local credit card processing company where a friend of mine works, so that I can get some discount.

So let's say I change the payment module to use PayPal and stay on the shared server, do you know if I can pass the test?

Or do I still have to move to a VPS or dedicated server?

web-project, thank you for your advice. Using 2checkout is an idea of third-party, right?

Could you say that I can still stay on the shared server and pass the PCI test if I use a third-party payment provider?

Thank you for your advice, guys

Have a good one :)

Posted
So let's say I change the payment module to use PayPal and stay on the shared server, do you know if I can pass the test?

If you are using PayPal IPN or PayPal Express and you don't collect any CC details on your website, you don't need to pass the PCI test.

Using 2checkout is an idea of third-party, right?

Right, 2checkout will provide:

 

  • Credit Card Data Security (PCI DSS Compliant)
  • Encrypted transaction processing
  • World-class global fraud protection
  • Recurring billing solutions
  • Alternative payment products like PayPal


Posted

Thank you web-project,

I just checked with my third-party gateway, Authorize.net, and they say they do the same thing as 2checkout, except that my site stores some customer information like name, address, etc. for sign-up.

I do not keep any credit card information though.

Do I still have to move to PayPal?

Thank you

Posted

I'm having a very difficult time with the PCI compliance test.

Please help me out.

First of all, I have failed the test.

My hosting company told me to upgrade to a dedicated server which costs $180 a month (30 times more than what I'm paying now).

A friend of mine has recommended a person who develops web sites, who told me that she can rebuild the site using another program on another host because osCommerce is too vulnerable to pass the test.

I wonder, why don't I move the site to another hosting company that has a reasonable VPS instead of an expensive dedicated server?

I have absolutely no idea about the PCI test.

Could anyone point me in the right direction in this mess, please?

In order to be considered PCI compliant, a shop usually has to pass a PCI compliance check by some third party. That check usually involves much more than payment modules so I wouldn't get hung up on that. The company should supply you with a scan that shows why your shop failed. You have to handle each of those items. It is rare, in my experience, that they find a problem with the payment module being used. They will usually find security holes on the server and/or in your shop. If it is on the server, your host should fix those, free of charge. If they won't, you need to find another host. Moving to a dedicated server, or even a VPS, to fix this is nonsense. The servers are identical as far as how they are set up (unless your host does differently than normal) so the same security holes would exist, regardless of the type of server. Your friend is also incorrect in his statement. osCommerce isn't any more vulnerable than the next shop. If it has problems, you need to fix them. There are contributions, even one of my own, that will fail a PCI scan. The authors will usually fix those once they are aware of it so if your scan shows a problem with a contribution, you need to fix that.

In short, don't start making major changes without knowing why you need those changes or you will find yourself in the same place, only more aggravated.


Posted

Thank you very much for your deep information, Jack.

I've checked several hosting companies, but they all say that I need to move to a dedicated server to be PCI compliant. The server rental is pretty expensive; also, I can't afford their service charge to manage the server.

Could you PM me about a hosting company that won't say I need to move to a dedicated server, and can resolve the problem without a major change?

I'd really appreciate it.

Best regards,

Archived

This topic is now archived and is closed to further replies.
