Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

PCI Compliance with the PA-DSS Certified Magento Secure Payment Bridge
 
RoyRubin
Enthusiast
 
Avatar
Total Posts:  968
Joined:  2007-08-07
Los Angeles, CA
 

Providing PCI Compliance for the Magento Platform

Magento Secure Payment Bridge assists merchants in meeting PCI compliance with this secure payment application. Implementing Payment Bridge with either Magento Enterprise or Magento Professional saves online merchants money and time when it comes to complying with PCI requirements.

Magento makes PCI compliance easier by separating the Magento Secure Payment Bridge application from the Magento Enterprise and Magento Professional eCommerce platforms. This enables updates to the core Magento eCommerce application with new marketing, merchandising and content management capabilities, without having to go through PCI compliance re-assessment of the entire Magento eCommerce platform.

Magento Secure Payment Bridge is PA-DSS certified by our Qualfied Security Assessor (QSA) Coalfire, and is provided with a subscription to Magento Enterprise and Magento Professional.

 
Magento Community Magento Community
Magento Community
Magento Community
 
haancorp
Jr. Member
 
Total Posts:  1
Joined:  2010-08-03
 

Can someone clarify the distinction between Magento Community and Magento Professional/Enterprise in regard to PCI compliance?

I have called a couple people now to discuss the necessity of having either the Professional or Enterprise editions in order to pass PCI server scans and be certified PCI compliant, and I am getting conflicting answers.

One developer said he only uses the community edition and he hasn’t had any problems passing server scans.

Any help would be greatly appreciated.

Lorianna

 
Magento Community Magento Community
Magento Community
Magento Community
 
Turnkeye
Enthusiast
 
Avatar
Total Posts:  908
Joined:  2008-12-20
URL: turnkeye.com
 

PCI scans will run successfully even if you will use Magento Community.

However if you will need PA-DSS, it will be needed to use Magento Pro or Enterprise version.

Feel free to ask any questions.

 
Magento Community Magento Community
Magento Community
Magento Community
 
rodrigo_eca
Jr. Member
 
Total Posts:  1
Joined:  2011-04-01
 
RoyRubin - 20 July 2010 10:53 AM

Providing PCI Compliance for the Magento Platform

Magento Secure Payment Bridge assists merchants in meeting PCI compliance with this secure payment application. Implementing Payment Bridge with either Magento Enterprise or Magento Professional saves online merchants money and time when it comes to complying with PCI requirements.

Magento makes PCI compliance easier by separating the Magento Secure Payment Bridge application from the Magento Enterprise and Magento Professional eCommerce platforms. This enables updates to the core Magento eCommerce application with new marketing, merchandising and content management capabilities, without having to go through PCI compliance re-assessment of the entire Magento eCommerce platform.

Magento Secure Payment Bridge is PA-DSS certified by our Qualfied Security Assessor (QSA) Coalfire, and is provided with a subscription to Magento Enterprise and Magento Professional.

Hi Roy,

I’ve searched the web for detailed information regarding Magento Secure Payment Bridge but I couldn’t find anything extensive. I’ll really apreciate if you can answer me a couple of questions about it:
* Is it provided as a service for Magento Enterprise and Professional? or is an additional application that must be installed and configured separately in another server?
* Is it possible for the Magento Secure Payment Bridge to use SavedCC, in order to let customers select from their Saved CC when paying?
* Is it possible to extend the Magento Secure Payment Bridge in order to add more payment methods?

Thanks in advance.
Rodrigo

 
Magento Community Magento Community
Magento Community
Magento Community
 
NEngineer
Jr. Member
 
Total Posts:  2
Joined:  2011-04-29
 

According to the PCI website, http://www.pcisecuritystandards.org , only the Magento Payment Bridge has been “Validated”, nothing else.

I couldn’t find anything that indicates that any version of the other parts, cart, etc. are compliant.

This may be an oversight on their part to document correctly all parts of their product that are compliant.

This would indicate to me that as long as your systems/processes are compliant, and you use a compliant bridge/gateway, you shouldn’t have any PCI problems.

 
Magento Community Magento Community
Magento Community
Magento Community
 
uguptu
Sr. Member
 
Avatar
Total Posts:  125
Joined:  2010-02-01
Kyiv, Ukraine
 

Payment Bridge is actually the best way to separate the part of eCommerce application from what should be PCI compliant and what should not. Magento as a product is being upgraded too frequently to pass it through the whole PCI compliance certification process every time new release appears.

However, using Magento Payment Bridge, Magento doesn’t deal with sensitive data AT ALL, thus there is no need to certify Magento code.

We certified Magento Payment Bridge instead, and it’s enough to be sure your Magento store that utilizes its payment methods via Payment Bridge is safe according to PCI requirements. Every major Payment Bridge release will need to be certified again, and we’re going to do that and send updates to all customers as required.

That’s the idea, and it seems to be as flawless as it can be.

 
Magento Community Magento Community
Magento Community
Magento Community
 
amirfarid
Jr. Member
 
Total Posts:  7
Joined:  2011-09-18
 

sorry if this seems to be a bit of dumb question: although its provided for pro and enterprise, what options are avalile for community users? can we purchase a subscription seperatly? were doing quite a few megeno installs and designs lately and compliance is a recurring question/issue…

 
Magento Community Magento Community
Magento Community
Magento Community
 
stela.zh
Jr. Member
 
Total Posts:  8
Joined:  2011-01-04
 

Hello , i’m new register in magento...so i don’t have very experince in magento.
I have a project and i want to help me if you can…

I have a menu about us, product and i want t to hyperlink this menu to another domain for example http://www.google.com
Where is the code ( file) that i should change ? Because in url key isn’t possible to put a url outside of site....

Please help me ,
Regards

 
Magento Community Magento Community
Magento Community
Magento Community
 
ecommerceoffice
Member
 
Avatar
Total Posts:  51
Joined:  2011-08-20
Russia
 

seems moderator asleep ))

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top