Magento Forum

PCI Compliance - Are you worried? 
 
Lewwy
Jr. Member
 
Total Posts:  15
Joined:  2009-06-15
 

Hello all,
just got out of a meeting about using Magento for our next project. One of the points raised was that Visa will apparently be disallowing online transactions if a retailer (or the system they use) is not PCI compliant.

We were worried that we could spend 6 months developing the store and then next year it will cease to work, i.e. be a waste of our time.

We currently use Optimal as a payment gateway, and understand that we can purchase an extension to make it work with Magento. As it stands, Optimal is PCI compliant, so because we are using that to process transactions, are we covered?

Thanks for any help!
Lewis.

 
 
Incognito
Guru
 
Total Posts:  322
Joined:  2008-08-07
Michigan
 

You should be covered as long as you are not saving any credit card numbers and you have SSL. You could ask the vendor of the module if it is PCI compliant.

 
 
Aspiration Host
Mentor
 
Total Posts:  1287
Joined:  2008-05-09
Tampa, FL
 

Some information regarding Magento with PCI compliance that you may want to look at:
http://www.magentocommerce.com/company/pci-compliance

 
 
gfxguru
Sr. Member
 
Total Posts:  186
Joined:  2008-11-20
 

worried? I’d worry if you take credit cards on the site.

 
 
turtlepirate
Jr. Member
 
Total Posts:  3
Joined:  2008-08-01
 

As far as I’m aware merchants are required to use PA-DSS compliant ecommerce systems. This does not include the Magento Community edition. Only the Enterprise edition is PA-DSS compliant as revealed on this page.

 
 
dlbunker
Jr. Member
 
Total Posts:  4
Joined:  2009-10-08
 

I’m really frustrated by this fact. Is there anything that can be done to make this work for those of us who don’t have ten grand a year to shell out for a shopping cart system? I have been searching and searching and there is very little information available about this. I have been learning a ton about developing Magento for clients, most of whom are small business owners. They already have a hard time with labor costs for programming involved in customizing their stores.

I for one would be willing to contribute to a fund to have Magento Community Edition Certified.

 
 
J_T_
Mentor
 
Total Posts:  1961
Joined:  2008-08-07
London-ish, UK
 

There’s more to it than just a compliant payment processor but indeed, if you don’t store card details, becoming compliant is an easy process. Took me half an hour.

AFAIK, your software doesn’t have to be certified necessarily for you yourself to be compliant. I very much doubt that all the millions of osCommerce, Magento and other shops will be breaking the law anytime soon.

It’s pretty simple. Can hackers get card details from your customers through your assets? If the answer is no, you only have to worry about completing a few forms.

 
 
Crucial Web Host
Guru
 
Total Posts:  364
Joined:  2007-11-08
Phoenix, AZ
 

PCI Compliance seems to be about the single most misunderstood concept about ecommerce and accepting Credit Card payments online.

There’s a bit of misinformation in this thread as well as around the Internet, and the information you can find oftentimes requires an attorney to decipher.

We recently put out a ‘relatively’ easy to read article on PCI Compliance, what it means and how to achieve it under different ecommerce scenarios. It’s certainly not as easy or cheap to achieve as many would have you believe.

Hopefully you will find this of some use in better understanding the implications of PCI Compliance.

http://www.crucialwebhost.com/blog/ecommerce-pci-compliant-hosting/

Article Overview
1. SAQ Validation Types
—Type 1
—Type 4
—Type 5

2. Becoming PCI Compliant
—Hosting & Data Center Options
—Type 1 (SAQ-A)
—Type 4 (SAQ-C)
—Type 5 (SAQ-D)

3. What Does This Mean?

Cheers~

 
 
davehorn
Jr. Member
 
Total Posts:  10
Joined:  2009-08-03
 

We switched to PayPal Website Payments Pro. PayPal had no issue with PCI as long as we were not keeping any CC numbers in electronic format. The way I understand the system is that we have a direct connection to PayPal and that the data is entered directly into their payment processing system. We have SSL in place, too.

PayPal is a little more expensive, but not as expensive as secure hosting, submitting to port scans of the host, of our local network, etc. Plus they have a multitude of fraud filter settings that appear to be better thought out than using our bank along with a payment gateway.

It might pay to take a look. And Magento has a fairly direct integration built into the version we use.

Dave

 
 
xpayments
Jr. Member
 
Total Posts:  3
Joined:  2010-06-15
Ulyanovsk, Russia
 

Did you try this solution http://www.magentocommerce.com/magento-connect/kuzzma/extension/4110/cdev_xpaymentsconnector ? The Qualiteam company has developed a certified X-Payments application for X-Cart, but it can be easily configured for any e-commerce site. At the moment there are integrations for Magento, Zen Cart and osCommerce.

 
 
Turnkeye
Enthusiast
 
Total Posts:  908
Joined:  2008-12-20
URL: turnkeye.com
 
estrahon - 04 August 2009 10:10 PM

As far as I’m aware merchants are required to use PA-DSS compliant ecommerce systems. This does not include the Magento Community edition. Only the Enterprise edition is PA-DSS compliant as revealed on this page.

You can use CREsecure solution with your current Magento community edition.

In general, if your shopping cart never transmits or stores credit card information, PA-DSS validation isn’t required.

You can find more information on PA-DSS in this article, PA-DSS compliance FAQ:
http://turnkeye.com/blog/2010/08/pa-dss-compliance-faq/

 