On Friday, March 04, 2011 03:37:40 pm Paul Saenz wrote:
> Can anyone point me to guides, tutorial, or any kind of good
> information that could be helpful for programming and configuring a
> shopping cart in PHP that would be PCI DSS compliant. I did some
> searches on Google, but the stuff I found is only minimal, and
> general.

At the risk of you telling me, as you've told others, that you didn't ask for this, I thought I'd tell you that this link, from PayPal's page on PCI compliance:

https://www.scanalert.com/SignUp.sa?oc=9673

leads to a McAfee offer of one year of free quarterly compliance checks on up to six IP#s. It's helpful in that as it finds things that make your system noncompliant, and as you fix them and rerun the tests, you'll learn a lot about what you need to do to become PCI compliant.

A few notes:

While there's nothing in the terms that says anything about PayPal, and while the page that links to the above:

https://www.paypal.com/pcicompliance?bn_r=o

can be reached without logging in to PayPal, it's possible this offer is only meant to be used by PayPal customers.

Note that the tests run are exhaustive, invasive, and can take a long time to complete. If you're running against a machine you don't own, or if you're in a datacenter that may notice it, you might want to contact your provider to make them aware of what you're doing.

I've found these tests very helpful; I do a lot of the recommended stuff before I run them the first time.

I've found when dealing with the merchant banks the small guys usually deal with, such as:

Blue Pay (http://www.bluepay.com)
E-onlinedata (http://www.e-onlinedata.com)

they usually require you subscribe to their own service and pay them for quarterly checks.

There's a good set of FAQs here:

http://www.pcicomplianceguide.org/pcifaqs.php

but many apply only to PCI compliance level 4 (which includes most small businesses). An explanation of compliance levels may be found here:

http://www.pcicomplianceguide.org/pcifaqs.php#5

Sorry for the perhaps over-completeness of this reply, but we host small businesses who accept credit cards, and we've had to learn all of this.

Jeff
--
Jeff Lasman
Post Office Box 52200, Riverside, CA 92517
Our jplists address used on lists is for list email only
Phone +1 909 266-9209, or see: "http://www.nobaloney.net/contactus.html"
_______________________________________________
LinuxUsers mailing list
LinuxUsers@socallinux.org
http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers