Page 2 of 2 First 12
Results 11 to 18 of 18

Thread: osCmax v2.5 RC1 Released - Discussion Thread

  1. #11
    norman
    Guest


    Default Re: osCmax v2.5 RC1 Released - Discussion Thread

    I have not seen any discussion about PCI compliance. Seems this should be important to anybody planning to use osCMax on a real, live site.

    Norman

  2. #12
    osCMax Development Team

    osCmax v2.5 RC1 Released - Discussion Thread

    pgmarshall's Avatar
    Join Date
    Feb 2009
    Location
    London
    Posts
    3,517
    Total Contributions For

    pgmarshall     $ 35.00
    Rep Power
    77


    Default Re: osCmax v2.5 RC1 Released - Discussion Thread

    Payment Card Industry (PCI) Compliance

    oscmax 2.0 pci compliance

    https://www.paypal.com/pcicompliance

    PCI compliance is only important if you storing client data on your site - eg. credit card details, etc. "The standard includes 12 requirements for any business that stores, processes or transmits payment cardholder data." (source) - So the question you have to ask is do you really want to store, process or transmit cardholder data? Or simply use a payment provider that does this for you? Google Checkout, PayPal, etc.

    Regards,
    pgmarshall
    _______________________________

  3. #13
    niallb
    Guest


    Default Re: osCmax v2.5 RC1 Released - Discussion Thread

    Any idea yet when the full blown version will be available for launch?

  4. #14
    Active Member
    osCmax v2.5 RC1 Released - Discussion Thread


    Join Date
    Jan 2009
    Posts
    234
    Total Contributions For

    jmelson     $ 50.00
    Rep Power
    16


    Default Re: osCmax v2.5 RC1 Released - Discussion Thread

    Quote Originally Posted by pgmarshall View Post
    So the question you have to ask is do you really want to store, process or transmit cardholder data? Or simply use a payment provider that does this for you? Google Checkout, PayPal, etc.

    Regards,
    Well, for instance, using Authorize.net AIM, you don't STORE the CC data, which is good, but you DO "process or transmit" the card number, etc. to the payment processor. If your site is hacked and another php file in inserted, it could send that data to a criminal. I've been trying to get Authorize.net SIM working with osCmax for 2 years now, but have never gotten it to complete the transaction back to osCmax. So, I'm stuck only being partially PCI compliant.

    Jon

  5. #15
    osCMax Developer


    osCmax v2.5 RC1 Released - Discussion Thread

    michael_s's Avatar
    Join Date
    Jul 2002
    Location
    Phoenix, AZ
    Posts
    23,010
    Total Contributions For

    michael_s     $ 10.00
    Rep Power
    594


    Default Re: osCmax v2.5 RC1 Released - Discussion Thread

    You can be fully PCI compliant using AIM method, lets not get misinformation out there. All you have to do is meet the compliance standards. Either method (AIM or SIM) on a properly secured server is fully PCI compliant.

    PCI compliance has absolutely nothing to do with being hacked. Your site/server can be fully PCI compliant and still be hacked/compromised. Compliance does not = security. Only security=security.

    What jmelson is discussing here is that he does not want to be responsible for PCI compliance at his store level, but wants to pass that responsibility to Authorize.net. By using SIM, you are not becoming PCI compliant, but shifting the compliance responsibility to Authorize.net.

    Note that your site can still be hacked and customer data can still be stolen, customer's computers can still be infected with malware, etc. You just bear no liability for cc# data. That is it. You are still responsible for keeping your site/server secure.
    Michael Sasek

    osCmax 2.5.4 is now available via auto-installation using Softaculous!

    Stay Up To Date with everything osCMax:
    osCmax on Twitter - Up to the minute info as it happens. Know it first.

    osCmax Documentation

  6. #16
    Active Member
    osCmax v2.5 RC1 Released - Discussion Thread


    Join Date
    Jan 2009
    Posts
    234
    Total Contributions For

    jmelson     $ 50.00
    Rep Power
    16


    Default Re: osCmax v2.5 RC1 Released - Discussion Thread

    Right! I am at the lowest level of PCI compliance, where I certify that "merchant does not store, process or transmit any cardholder data". This level of compliance only costs me $99 a year. But, this is not actually true, if I use the AIM module.
    A higher level of compliance requires outside audits, and costs $500 - 1500 a year, and I'd like to avoid those fees, on a
    REALLY small-scale business, namely, just me, selling a few items a month.

    But, so far I have had no luck making Authorize.net SIM work. Still trying, though.

    Jon

  7. #17
    Active Member
    osCmax v2.5 RC1 Released - Discussion Thread


    Join Date
    Jan 2009
    Posts
    234
    Total Contributions For

    jmelson     $ 50.00
    Rep Power
    16


    Default Re: osCmax v2.5 RC1 Released - Discussion Thread

    Well, after a BUNCH more reading at various PCI compliance sites, Authorize.net, etc. I FINALLY found a definition of
    "cardholder data" and that it means ANY identifying info for a cardholder! So, name, address and phone number are considered as sensitive as the card # and expiration date! Well, that changes EVERYTHING! Since osCmax and all other stores store that info, I HAVE to increase my PCI compliance level, get audited, etc. What a pain, I had hoped to skip all this junk! And, Authorize.net SIM really solves nothing at all, at least according to the PCI requirements.

    So, Michael is completely right!

    Jon

  8. #18
    maximilian
    Guest


    Default Re: osCmax v2.5 RC1 Released - Discussion Thread

    Is it better to pass the responsibility of credit card security to a payment gateway like Authorize.net? We have been throwing the idea around of creating our own bit encryption and storing information on servers, but as we have not really touched payment processing just yet (no sales, still to new ) it would be cool to get some input from those of you that have already walked down this road.

Page 2 of 2 First 12

Similar Threads

  1. osCmax v2.5 Beta 3 Released - Discussion thread
    By michael_s in forum Announcement Discussions
    Replies: 48
    Last Post: 04-07-2011, 09:45 AM
  2. osCmax v2.5 Beta 2 Released - Discussion thread
    By michael_s in forum Announcement Discussions
    Replies: 25
    Last Post: 01-31-2011, 09:54 PM
  3. Not for new threads - for osCMax announcements discussion
    By ridexbuilder in forum Announcement Discussions
    Replies: 1
    Last Post: 12-14-2009, 11:17 PM
  4. Discussion: MySQL Security in OSCMAX
    By red_fraggle in forum osCMax v2 Features Discussion
    Replies: 6
    Last Post: 07-22-2009, 04:32 PM
  5. Official Google Checkout v1.4 for osCMax 2.0 thread
    By michael_s in forum Google Checkout
    Replies: 16
    Last Post: 05-21-2009, 09:11 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •