There are some interesting threads on the Ubercart site about PCI issues; you can Google those.

On Sat, Mar 5, 2011 at 8:37 PM, Paul Saenz <forensicneoph...@gmail.com> wrote:
> Yes, I am aware of all those requirements. Because of the way it is
> set up, AWS provides compliance for many of those factors, and they
> have several AMIs that meet the requirements of PCI DDS compliance in
> their respective factors. Of course SSL gateways and no remote access
> are some of the things that the administrator will have to implement.
> As I have been looking over the requirements of PCI DDS compliance, I
> just thought I'd ask the group if anyone has good information or
> documentation about how to program a shopping cart that will be
> compliant in PHP. So letting alone all the other factors that apply,
> I'm just asking about that which applies to PHP.
>
> I know of a company that provides a PHP shopping cart that is PCI DDS
> compliant for $500+ depending on how many items are being sold, and
> they give a training course on how to deploy and configure it for
> $2500. If I go that route, then I am free to sell that shopping cart
> to anyone I desire. Nevertheless, it seems to me that it may be worth
> my while to learn how to program and configure one myself.
>
> On Sat, Mar 5, 2011 at 2:02 AM, Dino K <socalli...@cloudcomp.info> wrote:
> > A cart itself cannot be "PCI Compliant" itself... PCI compliance is a
> > process certification which requires the whole infrastructure/network to
> > adhere to a certain process regulation... so it's more like... do you
> > capture and store client payment info, do you encrypt this data when you
> > capture it, do you encrypt this data when you store it, what do you do
> > with this data, blah blah... etc etc... When I helped do a security
> > audit for this company which required PCI compliance they had two
> > external consultants just for the PCI compliance process who worked for
> > a PCI compliance company, the process was quite rigorous, they had to
> > have SSL gateways, no root user on their Linux systems, no remote access
> > to payment gateway processing machines, just to name a few of the
> > technical requirements. We also have a customer in the DC who is a bank
> > who all they do is process payments and has to be PCI compliant... they
> > have a whole software suite that has to conform to PCI compliance.
> >
> > On Fri, Mar 4, 2011 at 3:37 PM, Paul Saenz <forensicneoph...@gmail.com>
> > wrote:
> >>
> >> Can anyone point me to guides, tutorials, or any kind of good
> >> information that could be helpful for programming and configuring a
> >> shopping cart in PHP that would be PCI DDS compliant? I did some
> >> searches on Google, but the stuff I found is only minimal, and
> >> general.
> >>
> >> Thanks
> >> Paul
> >> _______________________________________________
> >> LinuxUsers mailing list
> >> LinuxUsers@socallinux.org
> >> http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers