oscmax 2.0 pci compliance - a discussion in the osCMax v2 Features Discussion forum (osCMax v2.0 Forums category).
#1
Hi - Is the oscmax 2.0 pci code compliant? How do I make sure osCMax client sites are PCI compliant? Are there shared hosts that are PCI compliant? My clients have in-store POS terminals, so they have been manually entering credit card information to process orders. They have also been manually processing an order because initially they don't know the shipping charges when a person places the order. How have others tackled these issues? I'm eager to learn. Thank you, Barb
#2
Perhaps you can explain what PCI compliant means, for the community enhancement.
#3
Quote:
You can read more here -- PCI Compliance Guide - FAQs and Tips on PCI Compliance or here https://www.pcisecuritystandards.org/ I was wondering what other online retailers are doing in order to comply with the new regulations. Barb
#4
Am I the only one who doesn't care a bit about PCI compliance? I do not even know what country you are in, but I had never heard about that before. Anyway, my customers enter their CC information/details on my bank's website and not on mine, and I do not store any data related to their credit card details, so I doubt I should lose my sleep over that...
#5
I'm in the US. The big news story over here is -- pcistuff The issue is for anyone selling online. What if someone hacks your web site and grabs your customers' credit card information? What if you hold the information to batch process at night? You are at risk while you are holding that information for a few hours. Is your bank's web site secure? Has the bank done everything they can to protect your customers' information? I'm not trying to start an argument, I'm just interested in how others address the situation. Barb
#6
My solution is easy: I do not store any credit card information from anyone. Never. In fact, customers that pay with payment modules like most CC modules, PayPal, etc., rarely do so on your store. They are redirected from your checkout to whatever page they have to be redirected to for the payment, and then come back to your store. And I would say that that applies to OSC and OSCMAX by default; would that make them PCI compliant?
#7
Barb, I'm located in the US and take PCI Compliance very seriously, as failure to do so could be a business-ending mistake. I have one osCmax site and two heavily modified osCommerce sites, and use Authorize.Net as the credit card payment gateway on all three. Here is a brief outline of what I do to maintain PCI Compliance:
1) Do not store ANY customer credit card information in the databases (card numbers, CVV codes, etc.). Using the standard Authorize.Net Consolidated v1.7 payment module included with osCMax 2.0 takes care of this for you, with the transaction details being transmitted directly to Authorize.Net (make sure you use SSL, though).
2) I use ControlScan for regularly scheduled threat scanning of all of my site servers (make sure your webhosting company allows this --- I switched from IX Webhosting to WestHost because IX threatened to suspend my accounts because of the external security scans. When I questioned how their ecommerce customers were supposed to meet the scan requirement for PCI Compliance, the friendly folks at IX told me none of their shared servers were compliant, only their dedicated hosting plans. I ran away as fast as I could....)
3) ControlScan also has a full PCI Compliance package that includes the PCI self-test questionnaire, compliance report for submittal to your CC processor, etc. It's not cheap, but if you talk to them, let them know you're looking at other providers and they'll probably be willing to negotiate on pricing.
I hope this is helpful, and didn't mean to sound like an advertisement for ControlScan or Authorize.Net; I just know they fit the bill. Bob
#8
1) What Bob said...
2) I use Payflow Pro and we DO store NxxxxxxxxxxxNNNN in the local database (so a customer can see what card they used for an order), but other than that, no data is stored locally.
3) Authorize versus charge. I charge immediately. My shipping is calculated directly from UPS and/or USPS by the store and has been shown to be about 97% accurate. I do have about 5% of orders where I have to go back and use the gateway interface to manually adjust a charge.
4) Banks... Once I pass my data on to VeriSign/PayPal it's not my problem. Then security is their issue. I managed the secure data while I had it under my control. If they can't manage the data securely, then they have issues, not I.
__________________ so endith the lesson<think>sometimes I just sit's and thinks</think> "Here you are with a hand full of holes, a thumb up your ass, and a big grin to pass the time of day with." - TWB
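A defender-side illustration of the two practices described in posts #7 and #8 (store at most a masked card number in the NxxxxxxxxxxxNNNN shape, and check that no full card numbers have ended up in the database by mistake). This is an added example, not osCMax, osCommerce or any poster's code; the function names are the example's own, and the database export it scans is constructed for the example.

```python
"""Added example (not osCMax/osCommerce code): two small PCI-hygiene helpers.

1. mask_pan(): keeps only the first digit and the last four of a card
   number, the NxxxxxxxxxxxNNNN shape described in post #8, so a customer
   can still see which card was used without the full number being kept.
2. find_unmasked_pans(): scans text such as a database dump or a log file
   for 13-19 digit runs that pass the Luhn check, flagging places where a
   full card number was stored despite the "store nothing" rule of post #7.
"""
import re


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; True for a well-formed card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Return first digit + 'x' padding + last four, e.g. 4xxxxxxxxxxx1111."""
    digits = re.sub(r"\D", "", pan)      # drop spaces/dashes first
    if not 13 <= len(digits) <= 19:
        raise ValueError("not a plausible card number length")
    return digits[0] + "x" * (len(digits) - 5) + digits[-4:]


# 13-19 digits, optionally separated by single spaces or dashes, not
# embedded in a longer digit run (the look-arounds stop partial matches).
_PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_unmasked_pans(text: str):
    """Return [(line_no, masked_pan)] for every Luhn-valid digit run found.

    Only the masked form is reported so the audit output itself never
    carries a full card number.
    """
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in _PAN_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if 13 <= len(digits) <= 19 and luhn_ok(digits):
                hits.append((line_no, mask_pan(digits)))
    return hits


# Constructed sample of an orders-table export (assumed column names).
# 4111111111111111 is the well-known Visa test number; 1234567890123456
# is a random 16-digit value that fails Luhn and must not be reported.
SAMPLE_DUMP = """\
order_id,customer,cc_number,cc_expires
1001,A. Customer,4xxxxxxxxxxx1111,12/09
1002,B. Customer,4111111111111111,11/09
1003,C. Customer,5xxxxxxxxxxx4444,10/09
1004,D. Customer,1234567890123456,09/09
"""


def audit_sample():
    """Run the scan over the constructed export; only row 1002 should hit."""
    return find_unmasked_pans(SAMPLE_DUMP)


if __name__ == "__main__":
    for line_no, masked in audit_sample():
        print(f"line {line_no}: full card number stored ({masked})")
```

Running the block prints one finding, for the row holding the full test number; the rows already stored in masked form and the non-Luhn number are ignored. The same scan can be pointed at nightly batch files or web server logs, which is where the thread's "what if you hold the information for a few hours" concern shows up in practice.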