New to Magento, using it as the ecommerce part of the application. Due to the nature of this application there are many compliance issues for us to adhere to. As we’re new to Magento development, we’d like some advice on the following from people who know the product.
1. We plan to use PayPal for processing of payments, so we won’t be storing any CC details. Do we need Magento Enterprise Edition or will Community suffice? From what I understand, Enterprise provides ‘encryption features’; what exactly is this? Is it just the payment bridge? Is this payment bridge necessary if we’re not storing CC details?
2. One of the compliance regulations we have to follow is to encrypt customer details, and to separate the customer details and what they have purchased (which I assume is already happening anyway via having different tables). So basically, if the DB gets hacked, it’s not easy to say User X has purchased product Y. Obviously with some scripting it’s possible to get this info, but that’s the case with any system. What we’re looking for is that there isn’t some crazy table holding customer names and products purchased all in text.
3. As part of 2 we’d like to separate some of the user data in the DB and choose some fields to encrypt, e.g. have username/pwd on one table and other identified info in a separate table with some fields encrypted. Does EE provide a simpler way of achieving this than Community?
Thanks in advance