Ajeh and wilt and I are pleased to announce that Zen Cart v1.5.4 has been formally listed as an approved Payment Application under the PCI PA-DSS specifications.

Approval verification can be seen on this lookup page: https://www.pcisecuritystandards.org...plications.php


Many months of work have gone into doing numerous code updates and improvements as well as tightened security measures such as enhanced password encryption, and the list goes on. You can see the many details of the v1.5.4 release at http://www.zen-cart.com/showthread.p...1-5-4-Released!

You can download Zen Cart v1.5.4 using the download link on the www.zen-cart.com home page, or via www.zen-cart.com/getit

In case it's not evident in the downloadable zip, there is a /docs/ folder which contains installation and upgrade instructions, as well as the Implementation Guide in PDF form. These same documents are available online at: www.zen-cart.com/docs

The technical requirements for using Zen Cart v1.5.4 are shown at: http://www.zen-cart.com/content.php?...o-run-zen-cart

What if I Don't Need PCI Compliance?
For those of you using Zen Cart in a situation where you're not accepting payments with it (such as a showroom/showcase, or simply a CMS), you can turn off the extra PA-DSS stricter settings such as password expiration and password-format rules, etc, using two settings available under Admin->Configuration->My Store. DO NOTE that by turning either of those off you ARE making your site non-compliant for PCI.
So, just to be clear: if you're using your store to process payments in any way, you SHOULD leave the PCI/PA-DSS features enabled.