On Friday, March 04, 2011 03:37:40 pm Paul Saenz wrote:

> Can anyone point me to guides, tutorials, or any kind of good
> information that could be helpful for programming and configuring a
> shopping cart in PHP that would be PCI DSS compliant? I did some
> searches on Google, but the stuff I found is only minimal, and
> general.

At the risk of you telling me, as you've told others, that you didn't ask for 
this, I thought I'd tell you that this link, from PayPal's page on PCI 
compliance:

https://www.scanalert.com/SignUp.sa?oc=9673

leads to a McAfee offer of one year of free quarterly compliance checks on up 
to six IP#s.  It's helpful in that as it finds things that make your system 
noncompliant, and as you fix them and rerun the tests, you'll learn a lot 
about what you need to do to become PCI compliant.

A few notes:

While there's nothing in the terms that says anything about PayPal, and while 
the page that links to the above:

https://www.paypal.com/pcicompliance?bn_r=o

can be reached without logging in to PayPal, it's possible this offer is only 
meant to be used by PayPal customers.

Note that the tests run are exhaustive, invasive, and can take a long time to 
complete.  If you're running against a machine you don't own, or if you're in 
a datacenter that may notice it, you might want to contact your provider to 
make them aware of what you're doing.

I've found these tests very helpful; I do a lot of the recommended stuff 
before I run them the first time.

I've found when dealing with the merchant banks the small guys usually deal 
with, such as:

Blue Pay (http://www.bluepay.com)
E-onlinedata (http://www.e-onlinedata.com)

they usually require you subscribe to their own service and pay them for 
quarterly checks.

There's a good set of FAQs here:

http://www.pcicomplianceguide.org/pcifaqs.php

but many apply only to PCI compliance level 4 (which includes most small 
businesses).  An explanation of compliance levels may be found here:

http://www.pcicomplianceguide.org/pcifaqs.php#5

Sorry for the perhaps over-completeness of this reply, but we host small 
businesses who accept credit cards, and we've had to learn all of this.

Jeff
-- 
Jeff Lasman
Post Office Box 52200, Riverside, CA  92517
Our jplists address used on lists is for list email only
Phone +1 909 266-9209, or see: http://www.nobaloney.net/contactus.html
_______________________________________________
LinuxUsers mailing list
LinuxUsers@socallinux.org
http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers
