To build a PCI-compliant store you must either use PA-DSS validated ecommerce software or pay a consultant to validate your shopping cart software for you, which can be very expensive.
ProductCart has been PA-DSS validated, so by using ProductCart you are taking a major step toward running a PCI-compliant ecommerce business. PA-DSS stands for Payment Application Data Security Standards. ProductCart is officially listed on the PCI Web site as a validated application.
Compliance with the Payment Card Industry (PCI) cardholder data security standards is a requirement for all Internet merchants.
It makes sense. All Web stores should adhere to a common set of security measures to protect everyone's confidential information.
When you use an e-commerce application, the way for you to know whether it adheres to the PCI Security Standards is to find out whether it has been validated as a secure payment application (PA-DSS program).
We know that this is a somewhat confusing topic. Here you will find answers to frequently asked questions about PCI compliance, ProductCart, and how your ProductCart-powered store can be PCI compliant. We hope they help!
Can my ProductCart-powered store be PCI compliant?
Yes, ProductCart v4 is PA-DSS validated. This means that it has been audited and verified to be compliant with the strict requirements of the Payment Application Data Security Standards (PA-DSS).
This, however, does not mean automatic PCI compliance. ProductCart is only one element of your e-commerce business, and other elements of your business (e.g. your Web hosting environment, your payment gateway, your own internal payment data handling practices, etc.) must be compliant as well.
What should I do to obtain a certificate that says that my store is compliant?
You need to sign up for PCI compliance testing with one of the companies that offer this service. There are many vendors that offer this service. We have partnered with McAfee - one of the leaders in the field - to offer you FREE PCI compliance testing. Learn more about free PCI compliance testing from McAfee.
Can software like ProductCart automatically grant PCI compliance?
No, a software application like ProductCart cannot by itself grant a Web store that uses it the status of "PCI Compliant". That's because PCI compliance refers to the entire ecommerce system that powers your store, including your Web hosting environment and the payment gateway used for credit card processing. However, the fact that ProductCart is PA-DSS approved represents a big step towards demonstrating that you are compliant.
The PCI compliance testing service that you sign up with will ask you questions about your entire ecommerce system (e.g. where you are hosted, which payment gateway you are using, etc.).
Will Early Impact assist me in my PCI compliance testing?
No, the PCI compliance testing provider that you sign up with will provide customer service throughout the process. What we have done is to certify ProductCart v4 through the PA-DSS program, as mentioned above. The fact that you are using a PA-DSS certified shopping cart system represents a major step towards PCI compliance.
What if I don't use a PA-DSS validated application?
It will be more difficult for you to complete the PCI Compliance self-assessment questionnaire as you can't prove that the ecommerce software that you are using on your Web store complies with the Data Security Standards set by the PCI Council. To do that, you will have to hire a company that has been certified to perform that assessment. In our experience, those engagements can cost more than $10,000.
So... what's next?