
What, another newbie? That's right

This is a discussion on What, another newbie? That's right within the Introduce yourself! forums, part of the Community category.

      
  1. #1
    New Member
    Join Date
    Feb 2011
    Posts
    8
    Rep Power
    0



    Hello,

    I am new to osCommerce and very new to osCmax, but so far it seems much better than the others I have looked at.

    Q: When looking at a competitor they brag about "PCI" compliance. What truly makes a software "PCI" compliant? Is it only relevant if you take CC at your site rather than using PayPal?

  2. #2
    osCMax Development Team met00's Avatar
    Join Date
    Oct 2005
    Location
    wherever I happen to be at the moment
    Posts
    854
    Blog Entries
    2
    Rep Power
    26



    1) Welcome to the best cart on the market (and the best forum).
    2) PCI: https://www.pcisecuritystandards.org...ciation=PA-DSS

    PCI is about what you maintain and how you secure it from a credit card transaction. Since osCmax is provided as source code, it can be changed by anyone. Based on my reviews of the PCI documents, nothing osCmax does is in any way a violation of the PCI docs, but since any piece of code can easily be modified, you can't say that any osCmax store is in compliance, since any developer can modify the code to be out of compliance with just a few lines of modification (like adding a payment processor module that records and stores the credit card number in the database unencrypted, or transacts across an http rather than an https gateway).
    so endith the lesson
    <think>sometimes I just sit's and thinks</think>
    "Here you are with a hand full of holes, a thumb up your ass, and a big grin to pass the time of day with." - TWB

  3. #3
    New Member
    Join Date
    Feb 2011
    Posts
    8
    Rep Power
    0



    Thank you for the response.

    As I understand it, then, it would be each store owner who would be responsible for confirming that their individual store (code) meets the PCI standards. But the original code as released is PCI compliant, correct?

  4. #4
    osCMax Development Team met00's Avatar
    Join Date
    Oct 2005
    Location
    wherever I happen to be at the moment
    Posts
    854
    Blog Entries
    2
    Rep Power
    26



    There is NOTHING in osCmax 2.5 out of the box that would violate any PCI standards. BUT, you will have to set up https to work when you set up the store (get a proper certificate, etc). You will have to ensure that any modules that you use at checkout do NOT store credit card data in your database or send any credit card data over unsecured transactions (use https or equivalent for security, and that nothing is sent plaintext or sent via e-mail). So, while out of the box there is NOTHING in osCmax 2.5 that violates any of the PCI docs, how YOU set up and modify your store DOES have the potential to violate the PCI compliance. It is therefore incumbent on the store owner to ensure that through all the setup and modifications that they comply with all the PCI specs to maintain compliance.

    [as an aside: As I read the above I think I have repeated myself, but I just want to make sure that this is crystal clear, and when I want to do that sometimes I tend to overstate the issue to ensure clarity of the answer.]
