Thread: pci pa-dss

  1. #1
    Join Date
    Jan 2008
    Posts
    75
    Plugin Contributions
    0

    Default pci pa-dss

    On the PCI site it says Zen is on PA-DSS for existing installs and it expired PA-DSS approval in 10/13. Is this correct?

  2. #2
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: pci pa-dss

    For Zen Cart v1.5.0, yes.

    v1.5.4 is in the process of being certified for new installs.

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Nov 2015
    Location
    Ireland
    Posts
    3
    Plugin Contributions
    0

    Default Re: pci pa-dss

    I am considering using ZenCart because of its PA-DSS certification. Ideally, I would like a two-way exchange of data with my POS system in a bricks-and-mortar store so that stock levels would always be accurate. I understand that this would be technically possible, but would this scenario affect the PA-DSS certification?

  4. #4
    Join Date
    Aug 2005
    Location
    Arizona
    Posts
    27,761
    Plugin Contributions
    9

    Default Re: pci pa-dss

    Quote Originally Posted by Eevans
    POS system in a bricks-and-mortar store
    If you operate out of a store location then you should not be using ZenCart or any other ecommerce script for credit card processing. Therefore you need not concern yourself with PA-DSS compliance.
    Zen-Venom Get Bitten

  5. #5
    Join Date
    Nov 2015
    Location
    Ireland
    Posts
    3
    Plugin Contributions
    0

    Default Re: pci pa-dss

    Many thanks for the reply, but I'm still a little confused. I'll provide more information, and perhaps you could comment again. The shop has a normal retail Point of Sale (POS) system which scans barcodes etc., and when a sale is made the stock level in the stock database is reduced. Credit card payments are accepted at the counter via a stand-alone terminal common in retail environments. It is my hope to launch a ZenCart website to sell some of my products on-line; the shopping-cart will accept credit cards for on-line purchases. ZenCart is PA-DSS certified which means, as I understand it, that it has been developed in accordance with rules laid down by the PCI organization. What I would like is for my POS database to exchange sales data with ZenCart so that if a sale is made in the physical shop, the stock level available on ZenCart is adjusted accordingly, and vice-versa. I understand from talking to third-party developers that this is technically possible, but they are vague on how this relates to the PA-DSS certification of ZenCart. Basically, my question is: if some software is developed to do what I require, is it classed as a plug-in and, as such, does it mean that my installation of ZenCart would not be recognised as PA-DSS compliant? Hope all this is clear. Best regards.

  6. #6
    Join Date
    Aug 2005
    Location
    Arizona
    Posts
    27,761
    Plugin Contributions
    9

    Default Re: pci pa-dss

    There used to be a POS system based upon ZenCart with bar code scanning ability.
    I think that it is defunct.

    Your current POS database is most likely not in the same format as ZenCart's database, and there the snag exists.

    Getting them to talk to each other - or better yet getting your POS to use ZenCart's database

    If/when you set up an online store - you should/will use a "gateway" where the credit cards are processed, i.e. not on your site but through the gateway. This transfers the bulk of PCI/DSS handling over to them.
    Zen-Venom Get Bitten

  7. #7
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: pci pa-dss

    Let me attempt to clarify what I think kobra was trying to say...
    Quote Originally Posted by Eevans
    Basically, my question is: if some software is developed to do what I require, is it classed as a plug-in and, as such, does it mean that my installation of ZenCart would not be recognised as PA-DSS compliant? Hope all this is clear. Best regards.
    Yes. In fact, ALL changes you've made to your Zen Cart store affect compliance. It's up to you and your developer to self-assert that all your changes are also compliant (ie: that those changes observe all appropriate security measures, privacy measures, remote-access controls, encryption rules, etc, and that all development activities observe all the same rules, as set out by the PCI council).

    We here cannot make any binding statement that will make your store compliant regardless what changes you make. It's up to you to ensure your developer writes compliant code. And it's up to you to assert (that's you giving your word) to the PCI Council (or typically to your payment processing company) that all changes you've made/installed/added are compliant.

  8. #8
    Join Date
    Nov 2015
    Location
    Ireland
    Posts
    3
    Plugin Contributions
    0

    Default Re: pci pa-dss

    That's crystal clear. Many thanks, and best regards.

  9. #9
    Join Date
    Dec 2015
    Location
    60622
    Posts
    4
    Plugin Contributions
    0

    Default Re: pci pa-dss

    Will customer credit card information now be allowed to be stored with Zen Cart?

  10. #10
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: pci pa-dss

    Quote Originally Posted by windycityparrot
    Will customer credit card information now be allowed to be stored with Zen Cart?
    Your webstore should never store credit card data.

    Zen Cart specifically prevents the storing of credit card numbers in its database.

    If you need to store credit card data, you should either certify yourself as a Level 1 PCI Data Center (unrealistic for most stores), or use a payment module which processes cards using a gateway (such as Authorize.net's gateway) which interacts with a certified Data Center qualified for storing card data.

 

 

Zen-Cart, Internet Selling Services, Klamath Falls, OR