Dino K <socalli...@cloudcomp.info> wrote:

A cart cannot be "PCI Compliant" itself... PCI compliance is a process 
certification which requires the whole infrastructure/network to adhere to a 
certain process regulation... so it's more like... do you capture and store 
client payment info, do you encrypt this data when you capture it, do you 
encrypt this data when you store it, what do you do with this data, blah 
blah... etc etc... When I helped do a security audit for this company which 
required PCI compliance, they had two external consultants just for the PCI 
compliance process who worked for a PCI compliance company. The process was 
quite rigorous: they had to have SSL gateways, no root user on their Linux 
systems, no remote access to payment gateway processing machines, just to name 
a few of the technical requirements. We also have a customer in the DC who is 
a bank; all they do is process payments, and they have to be PCI compliant... 
they have a whole software suite that has to conform to PCI compliance.



On Fri, Mar 4, 2011 at 3:37 PM, Paul Saenz <forensicneoph...@gmail.com> wrote:

Can anyone point me to guides, tutorials, or any kind of good
information that could be helpful for programming and configuring a
shopping cart in PHP that would be PCI DSS compliant? I did some
searches on Google, but the stuff I found is only minimal and
general.

Thanks
Paul
_______________________________________________
LinuxUsers mailing list
LinuxUsers@socallinux.org
http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers



That is one aspect of PCI compliance. Software also has to be compliant, 
especially software developed for use by third parties. I don't know of any 
FLOSS shopping carts that are compliant.
-- 
charles n wyble
Systems craftsman to the stars
Xmpp/sip/smtp char...@knownelement.com
Office: 310 929 8793
Cell: 626 539 4344