Results 1 to 5 of 5
  1. #1

    PCI Compliance with Zen-Cart

    My merchant account provider has starting pushing PCI compliance requirements. I was assigned a Level 4 SAQ D profile - because of using Zen Cart AIM module which means the customer enters the information on my website and it is then transmitted (encrypted via SSL) to for processing. The "transmission" of data is what is making me fall under SAQ D, even though no card holder data is stored they are still saying I am SAQ D since the info is still entered on my website for transmission.
    Which to me seems ridiculous when you look at the requirements of SAQ D and a list of nearly 300 questions to complete, being a very small business owner it is just a nightmare. And yet this seems very common for online businesses to accept payment directly on the website... it's how most e-commerce shops operate! it's so confusing.

    I feel like I am being forced toward using offsite payment methods like PayPal, which defeats the purpose of having a merchant account in the first place for a smooth shopping experience for the customer. I mean, obviously I want my website to be secure and follow standard procedures for accepting credit cards - but it just seems like this is extreme.

    Is this really true that using the Authorize.Net AIM payment module makes you fall under SAQ D? (or any similar method where the customer enters the information on a form on your website and is transmitted to a payment gateway via your shopping cart software). My merchant account provider kept insisting it is. How are other small businesses using this payment method and Zen Cart (or similar) handling this issue?

  2. #2
    Join Date
    Feb 2004

    Have you tried asking ? they should have an interest in making sure they are PCI compliant and in turn providing PCI compliant software.

    On a side note i think the issue is the sotring of Credit Card details. this is the main reason we use worldpay now, as they store all the details, and nothing is store on my server.

    Good luck

  3. #3
    I have been exploitation WPP on a few websites for a while, I have not been asked to achieve PCI Compliance DSS as of so far and have been acceptive payments for about 3 months, my host is PCI Compliance DSS Amenable, if you want the host name send me a pm and I will let you knowing, I would not worry too much though as it is unlikely a CC industry will require to PCI Compliance scrutiny you.

  4. #4
    Last version of zen-cart support PCI DSS finally. Do you use 1.5.x?

  5. #5
    Join Date
    Apr 2003
    Las Vegas, NV -- USA
    You want to look for a payment interface that qualifies for PCI SAQ-A. I know we have one but I'm all but certain there are others ( The key point to qualify for SAQ-A is that card information cannot touch the zen-cart server and instead must only go to a PCI certified third-party gateway. Hope this helps.
    --Steve (blog)

    Shift4 Corporation -- Secure payment processing

Similar Threads

  1. PCI Compliance
    By ColoJS in forum Colocation and Data Centers
    Replies: 15
    Last Post: 06-01-2010, 11:55 AM
  2. X-cart supported, PCI Compliance VPS servers
    By Mark L in forum VPS Hosting Offers
    Replies: 0
    Last Post: 07-09-2009, 04:34 PM
  3. X-cart Hosting - PCI Compliance! - Hands-On Web Hosting
    By Mark L in forum Shared Hosting Offers
    Replies: 0
    Last Post: 07-09-2009, 04:31 PM
  4. PCI Compliance- Is anyone even doing it?
    By KatzenJammer in forum Ecommerce Hosting & Discussion
    Replies: 39
    Last Post: 06-10-2009, 01:25 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts