PCI Compliance
PCI Compliance is increasingly important to all online store owners, and Magento can be implemented to meet this strict standard.
What is PCI Compliance?
The PCI Data Security Standard (PCI DSS) was created by the major credit card companies to ensure the adoption of consistent security measures by all merchants. There are 12 requirements for meeting the PCI DSS, broken into 6 groups:
- Build and Maintain a Secure Network
  - Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  - Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect Cardholder Data
  - Requirement 3: Protect stored cardholder data
  - Requirement 4: Encrypt transmission of cardholder data across open, public networks
- Maintain a Vulnerability Management Program
  - Requirement 5: Use and regularly update anti-virus software
  - Requirement 6: Develop and maintain secure systems and applications
- Implement Strong Access Control Measures
  - Requirement 7: Restrict access to cardholder data by business need-to-know
  - Requirement 8: Assign a unique ID to each person with computer access
  - Requirement 9: Restrict physical access to cardholder data
- Regularly Monitor and Test Networks
  - Requirement 10: Track and monitor all access to network resources and cardholder data
  - Requirement 11: Regularly test security systems and processes
- Maintain an Information Security Policy
  - Requirement 12: Maintain a policy that addresses information security
Configuring Magento to meet PCI DSS
There are a few very important steps to take when implementing Magento in a PCI compliant manner. The main two are:
- Do not use the Saved Credit Card module in a production environment (live site).
- Do not enable the Debugging profiler in a production environment.
If these modules are implemented, the credit card data will be stored in the database, creating further requirements to meet the PCI DSS.
It is important to note that while Magento is an integral part of the chain in obtaining PCI Compliance, it is necessary to implement Magento in a PCI compliant hosting environment. We have given recommendations here on configuring Magento to meet the PCI DSS. For more information on PCI Compliance, please visit the PCI Security Standards Council website (https://www.pcisecuritystandards.org/).



