
PCI-DSS compliance certification from osCommerce?



You won't get anything from osC



I'd get in contact with the merchant again...it's likely they gave you incorrect info. Our merchant has a 3rd party that runs the PCI compliance checks against the store and reports the findings to them. I'm not aware of any cart software that will offer you any type of PCI compliance certs.





You will need to run a PCI vulnerability scan on your site and then you will have to take care of any software issues while the hosting company should take care of the server/hosting issues.


You can find more info on PCI compliance at: www.pcicomplianceguide.org


  • 1 year later...

PCI DSS compliance will alert when any unplanned changes are detected for server software using file-integrity monitoring, or firewalls and intrusion protection systems, and any other network device within your 'Compliant Infrastructure'.

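The post above mentions file-integrity monitoring without showing what it does. As an added example (not code from this thread or from osCommerce), the following minimal monitor baselines a web root, stores the manifest with an HMAC so that someone who can write to the web root cannot also quietly rewrite the baseline, and later reports added, removed and modified files. The key constant, the file names and the `demo()` scenario are constructed for illustration; in practice the key and the signed manifest live outside the web root.

```python
"""Added example: a minimal file-integrity monitor for a web root.

Baseline every regular file under a directory, sign the manifest with an HMAC,
and later diff the live tree against the verified baseline.
"""
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path

# Assumption (hypothetical value): the real key is kept outside the web root,
# e.g. in a root-owned secrets file, so a web-root compromise cannot re-sign.
MANIFEST_KEY = b"replace-with-a-key-stored-outside-the-web-root"


def hash_file(path: Path) -> str:
    """SHA-256 of one file, read in chunks so large files are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: str) -> dict:
    """Map each regular file under root (POSIX-style relative path) to its SHA-256."""
    root_path = Path(root)
    manifest = {}
    for dirpath, _dirs, files in os.walk(root_path):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # only real files; links, sockets and devices are skipped
            manifest[p.relative_to(root_path).as_posix()] = hash_file(p)
    return manifest


def _canonical(manifest: dict) -> bytes:
    """Deterministic serialization so the HMAC is reproducible on verify."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict) -> bytes:
    """Wrap the manifest with an HMAC-SHA256 tag over its canonical form."""
    tag = hmac.new(MANIFEST_KEY, _canonical(manifest), hashlib.sha256).hexdigest()
    return json.dumps({"manifest": manifest, "hmac": tag}, sort_keys=True).encode()


def load_manifest(blob: bytes) -> dict:
    """Verify the HMAC before trusting a stored baseline; raise on tampering."""
    wrapper = json.loads(blob)
    expected = hmac.new(MANIFEST_KEY, _canonical(wrapper["manifest"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, wrapper["hmac"]):
        raise ValueError("baseline manifest failed HMAC check; do not trust it")
    return wrapper["manifest"]


def compare(baseline: dict, current: dict) -> dict:
    """Classify every difference between a baseline and the live tree."""
    base, cur = set(baseline), set(current)
    return {
        "added": sorted(cur - base),
        "removed": sorted(base - cur),
        "modified": sorted(p for p in base & cur if baseline[p] != current[p]),
    }


def tamper_detected() -> bool:
    """Editing a stored baseline without the key is caught at load time."""
    blob = sign_manifest({"index.php": "a" * 64})
    wrapper = json.loads(blob)
    wrapper["manifest"]["index.php"] = "b" * 64  # attacker rewrites a hash
    try:
        load_manifest(json.dumps(wrapper).encode())
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Constructed scenario: baseline a toy web root, then simulate an unplanned
    change that edits one script, drops a new file and deletes another."""
    with tempfile.TemporaryDirectory() as root:
        web = Path(root)
        (web / "includes").mkdir()
        (web / "index.php").write_text("<?php echo 'shop'; ?>\n")
        (web / "includes" / "checkout.php").write_text("<?php // checkout ?>\n")
        (web / "includes" / "old.php").write_text("<?php // legacy ?>\n")
        blob = sign_manifest(build_manifest(root))  # store this outside the web root

        (web / "includes" / "checkout.php").write_text("<?php // modified ?>\n")
        (web / "shell.php").write_text("<?php // unexpected new file ?>\n")
        (web / "includes" / "old.php").unlink()
        return compare(load_manifest(blob), build_manifest(root))


if __name__ == "__main__":
    print(demo())
    print("tamper detected:", tamper_detected())
```

Run `demo()` to see the three change classes reported for the constructed tree. On a real store the baseline would be rebuilt deliberately after each planned upgrade or code change, and any report between those points is the "unplanned change" the post refers to. Hashing alone does not stop a change, it only makes it visible, so the output needs to reach someone who acts on it.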

There's no way that osC itself could issue any certificate of compliance. You have the full source and could have done anything to it, including changes that make it extremely vulnerable to hacks. After you install (and probably after any code changes) you would have to pay someone to look at it and make sure it's in compliance.


Frankly, unless your volume is so large that accepting credit cards through a payment gateway/merchant account makes economic sense (and more than offsets the extra costs of PCI-DSS compliance scans), you should use a Third Party payment system (such as PayPal) to process credit cards. The extra costs to go through the PCI-DSS hassle outweigh the higher processing fees until you get pretty big. Note that some PayPal plans have the customer credit card information go through your site (they act as a payment gateway/merchant account, but the customer stays on your site), and you may have to be PCI-DSS compliant in that case.


