On the PCI site it says Zen is on PA-DSS for existing installs and it expired PA-DSS approval in 10/13. Is this correct?
For Zen Cart v1.5.0, yes.
v1.5.4 is in the process of being certified for new installs.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
I am considering using ZenCart because of its PA-DSS certification. Ideally, I would like a two-way exchange of data with my POS system in a bricks-and-mortar store so that stock levels would always be accurate. I understand that this would be technically possible, but would this scenario affect the PA-DSS certification?
If you operate out of a store location then you should not be using ZenCart or any other ecommerce script for credit card processing. Therefore you need not concern yourself with PA-DSS compliance.
Zen-Venom Get Bitten
Many thanks for the reply, but I'm still a little confused. I'll provide more information, and perhaps you could comment again. The shop has a normal retail Point of Sale (POS) system which scans barcodes etc., and when a sale is made the stock level in the stock database is reduced. Credit card payments are accepted at the counter via a stand-alone terminal common in retail environments. It is my hope to launch a ZenCart website to sell some of my products on-line; the shopping-cart will accept credit cards for on-line purchases. ZenCart is PA-DSS certified which means, as I understand it, that it has been developed in accordance with rules laid down by the PCI organization. What I would like is for my POS database to exchange sales data with ZenCart so that if a sale is made in the physical shop the stock level available on ZenCart is adjusted accordingly, and vice-versa. I understand from talking to third-party developers that this is technically possible, but they are vague on how this relates to the PA-DSS certification of ZenCart. Basically, my question is: if some software is developed to do what I require, is it classed as a plug-in and, as such, does it mean that my installation of ZenCart would not be recognised as PA-DSS compliant? Hope all this is clear. Best regards.
There used to be a POS system based upon ZenCart with bar code scanning ability.
I think that it is defunct.
Your current POS database is most likely not in the same format as ZenCart's database and there the snag exists.
Getting them to talk to each other - or better yet getting your POS to use ZenCart's database.
If/when you set up an online store - you should/will use a "gateway" where the credit cards are processed, i.e. not on your site but through the gateway. This transfers the bulk of PCI/DSS handling over to them.
Let me attempt to clarify what I think kobra was trying to say... Yes. In fact, ALL changes you've made to your Zen Cart store affect compliance. It's up to you and your developer to self-assert that all your changes are also compliant (i.e. that those changes observe all appropriate security measures, privacy measures, remote-access controls, encryption rules, etc., and that all development activities observe all the same rules, as set out by the PCI council).
We here cannot make any binding statement that will make your store compliant regardless of what changes you make. It's up to you to ensure your developer writes compliant code. And it's up to you to assert (that's you giving your word) to the PCI Council (or typically to your payment processing company) that all changes you've made/installed/added are compliant.
That's crystal clear. Many thanks, and best regards.
Will customer credit card information now be allowed to be stored with Zen Cart?
Your webstore should never store credit card data.
Zen Cart specifically prevents the storing of credit card numbers in its database.
If you need to store credit card data, you should either certify yourself as a Level 1 PCI Data Center (unrealistic for most stores), or use a payment module which processes cards using a gateway (such as Authorize.net's gateway) which interacts with a certified Data Center qualified for storing card data.