Are credit card information ever stored on the cart/server host?
Are credit card information ever stored on the cart/server host? I can't find a setting in the admin or in manual about an option to store or not to store credit card information. i tested virtuemart and there was a part to uncheck mark the store credit card information.
Does zen cart have something similar?
I just checked out a few carts that talk about PCI Compliance on their website description. Does zen cart have any of these features?
CS-Cart
----------------
Cardholder data protection in CS-Cart is provided for both offline and online payment methods. In case of offline order processing cardholder data is encrypted with the Blowfish algorithm and stored to the CS-Cart database. After the order is processed, the credit card information can be deleted automatically.
If the order processing is carried out online, double protection is possible. In addition to the Blowfish encryption, data can also be encoded with the certificate-based encryption during transmission over networks, as CS-Cart supports SSL certificates of all types.
Avactis Cart
------------
Cardholder and card data stored in database is encrypted by RSA algorithm. Private key is located at store administrator’s local computer only.
Cardholder and card data collected during checkout is encrypted by Blowfish algorithm. Secret key is passed using HTTPS encryption only.
In order to view credit card data, store administrator has to upload his private key from his local computer.
After key upload the data is decrypted and displayed, while the key is instantly deleted. All these operations are performed over an HTTPS connection to make data interception impossible
Re: lp Are credit card information ever stored on the cart/server host?
Quote:
Originally Posted by
purelife
Are credit card information ever stored on the cart/server host?
If you are using the latest version of Zen Cart (presently v1.3.9), then the answer is no.
That is, using unaltered Zen Cart code, there is NO credit card PAN storage happening anywhere.
If you customize the code to store PAN information, or add addons which do store it in some way, then that's something you need to address yourself and report on your PCI Compliance self-assessment.
Re: lp Are credit card information ever stored on the cart/server host?
Just curious ... you indicated in one of your first posts that you were using PayPal Pro. If that is the case, why are you so interested in PCI compliance?