A cart itself cannot be "PCI Compliant"... PCI compliance is a process certification which requires the whole infrastructure/network to adhere to a certain process regulation... so it's more like... do you capture and store client payment info, do you encrypt this data when you capture it, do you encrypt this data when you store it, what do you do with this data, blah blah... etc etc...

When I helped do a security audit for this company which required PCI compliance, they had two external consultants just for the PCI compliance process, who worked for a PCI compliance company. The process was quite rigorous: they had to have SSL gateways, no root user on their Linux systems, no remote access to payment gateway processing machines, just to name a few of the technical requirements.

We also have a customer in the DC who is a bank; all they do is process payments, and they have to be PCI compliant... they have a whole software suite that has to conform to PCI compliance.
On Fri, Mar 4, 2011 at 3:37 PM, Paul Saenz <forensicneoph...@gmail.com> wrote:
> Can anyone point me to guides, tutorials, or any kind of good
> information that could be helpful for programming and configuring a
> shopping cart in PHP that would be PCI DSS compliant? I did some
> searches on Google, but the stuff I found is only minimal and
> general.
>
> Thanks
> Paul
> _______________________________________________
> LinuxUsers mailing list
> LinuxUsers@socallinux.org
> http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers