Yes, I am aware of all those requirements. Because of the way it is set up, AWS provides compliance for many of those factors, and they have several AMIs that meet the requirements of PCI DSS compliance in their respective factors. Of course, SSL gateways and no remote access are some of the things that the administrator will have to implement. As I have been looking over the requirements of PCI DSS compliance, I just thought I'd ask the group if anyone has good information or documentation about how to program a shopping cart that will be compliant in PHP. So letting alone all the other factors that apply, I'm just asking about that which applies to PHP.
I know of a company that provides a PHP shopping cart that is PCI DSS compliant for $500+ depending on how many items are being sold, and they give a training course on how to deploy and configure it for $2500. If I go that route, then I am free to sell that shopping cart to anyone I desire. Nevertheless, it seems to me that it may be worth my while to learn how to program and configure one myself.

On Sat, Mar 5, 2011 at 2:02 AM, Dino K <socalli...@cloudcomp.info> wrote:
> A cart itself cannot be "PCI Compliant" itself... PCI compliance is a
> process certification which requires the whole infrastructure/network to
> adhere to a certain process regulation... so it's more like... do you
> capture and store client payment info, do you encrypt this data when you
> capture it, do you encrypt this data when you store it, what do you do with
> this data, blah blah... etc etc... When I helped do a security audit for
> this company which required PCI compliance they had two external consultants
> just for the PCI compliance process which worked for a PCI compliance
> company, the process was quite rigorous, they had to have SSL gateways, no
> root user on their Linux systems, no remote access to payment gateway
> processing machines, just to name a few of the technical requirements. We
> also have a customer in the DC who is a bank who all they do is process
> payments and has to be PCI compliant... they have a whole software suite
> that has to conform to PCI compliance.
>
> On Fri, Mar 4, 2011 at 3:37 PM, Paul Saenz <forensicneoph...@gmail.com>
> wrote:
>>
>> Can anyone point me to guides, tutorials, or any kind of good
>> information that could be helpful for programming and configuring a
>> shopping cart in PHP that would be PCI DSS compliant. I did some
>> searches on Google, but the stuff I found is only minimal, and
>> general.
>>
>> Thanks
>> Paul
>> _______________________________________________
>> LinuxUsers mailing list
>> LinuxUsers@socallinux.org
>> http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers