Questions about PCI Compliance

Question 1:
Let’s say that you are a small merchant and are “very close” to being PCI compliant. You don’t store credit card numbers. You definitely pass the merchant bank’s requirements for compliance, but there are a couple vague items in the PCI DSS self-addressed questionnaire that you don’t adhere to quite perfectly, but you’ve definitely tried. Let’s then say that you’ve somehow gotten a security breach and now VISA is auditing you.

I am well aware that you are responsible for the fraudulent charges on the cards that have been compromised, as well as all associated costs in repairing the damage.

My question is about the fines: in your opinion, or based on anecdote, will VISA fine you out of business? Or will they assess “how far” in the wrong you are and fine you accordingly? The only thing I know about their fines is that they “could be up to $500,000”.

Question 2:
Have you heard of the July 1 rule? Many informed people believe that on July 1st whatever software you use that touches credit card information (shopping cart software included) must not only be PCI compliant, it must be PCI validated. This means that it must appear on this list:
https://www.pcisecuritystandards.org…oval_list.html

this rule is stated here on the official PCI site http://www.pcicomplianceguide.org/pcifaqs.php
“ALL PCI Level 4 merchants (new and existing) using third-party software must use validated applications. July 1, 2010”

However, it’s Visa that is going to audit you, not the PCI. And Visa is a huge part of the PCI, and explicitly states that it adopts the PCI-DSS in lieu of their own pre-existing rules. And on their site (http://usa.visa.com/merchants/risk_m…lications.html) they say:
“While the use of PA-DSS validated payment applications is recommended, a payment application need not be included on Visa’s list of PABP validated payment applications or PCI SSC’s list of PA-DSS validated payment applications in order to comply with Phase 2, Phase 3 and Phase 5 requirements for use of PA-DSS compliant applications. Acquirers may determine the PA-DSS compliancy of a payment application through alternate validation processes, which should confirm that payment applications meet PA-DSS requirements and should facilitate compliance with the PCI DSS.”

These two statements seem to be in direct conflict with each other. My question to you is wtf is going on with this rule?

Thanks for reading.


shopping cart for print shop?

Hello,

Curious as to what shopping carts are available for print shops.

Prefer a cart that is open source “free or paid” and is owned not leased.

Some websites:
uprinting “dot”com
vistaprint “dot”com

An online design editor is not as important as the qty, shipping, etc., the way it is outlined. Of course a design editor would be great to have.

Are there solutions out there already or would a custom shopping cart need to be developed?


How to obtain sample product data feed

Hello,
I am reposting and following the guidelines sent by Dan, so hopefully this is acceptable…

We are a German software company and we are working on launching a SaaS site search service for online stores. The problem is that, since we haven’t launched yet, we don’t have English language stores among our customers yet, and we don’t have English-language product feed data to display in our online demo.

Can anyone advise me as to where we can find sample product feed data (shopping.com or Google merchant format) so we can build a demo with it like we did on our German shop?
http://test-db.sellbysearch.com/demo_sbs/

Ideally we are looking for shopping.com or Google merchant format feeds but we can probably parse and use anything else.

We prefer large product catalogs with complex product names and category structures that are to search.

Thanks in advance to the community.
Dan Nicollet
Exorbyte
+1 503 616 4007


Merchant accounts: qualified vs non-qualified rates

Hopefully this topic won’t be too boring for the forum, but I think it’s worth discussing.

I notice paypal charges a flat percentage of 2.4%-3.1% depending on volume (+ the per-transaction fee), whereas most merchant account providers charge in the range of 2.2% + 1%-1.5% for non-qualified cards. Non-qualified card rates apply to corporate, international, and rewards cards, along with cards that don’t have full AVS info.

If most cards are charged at the non-qualified rate (all cards I own fit that category) this actually makes paypal cheaper than a regular merchant account. I think all recurring billings will automatically get the non-qualified surcharge since the CVV security code can’t be stored on file.

Are you guys finding that most of your e-commerce transactions are charged at the non-qualified rate? If so, maybe paypal is the better option!


Do you know market share for OS Commerce, Magento, Volusion, etc?

Hello,
We are wondering what platforms most people use. We are building plugins for our store search software for online stores. We built one for Magento, another for a platform called Oxid out of Germany, but OS Commerce, Volusion, etc? How many users do they have?

Can you answer a quick poll to say which one you think has the largest install base of active shops?

Thanks,
Dan


paypal or moneybookers?

which do you prefer: paypal or moneybookers?


third party collection of payment through my website using paypal.

I have a website and I am the owner of the site, and there are third-party agents who sell their products. I want to charge a certain % per order for them… but I am not sure how I would collect the payments from normal customers who purchase the products from my site…. Would I store them in my paypal account or… something?


Turning Blog into profits advice

Total newb question, but was wondering if somebody can point us in the right direction on turning our blog into an ecommerce business? Can you sell advertising? Is it Adsense? What is the best way? Are there consultants that have a proven system? Thanks.


Help to id this ecommerce script

Can someone help me ID the following website’s cart script

http://www.mywoodentoy.com

I would be grateful if you could help me ID this

Regards


eCommerce

I am trying to help a relative create an online store for a small business. This is new to me and I am having difficulty with all the various materials I have been reading. Is there a good primer on how to do it? I do not need an enterprise solution but one that works seamlessly. I have also seen there are eCommerce hosts that offer services such as BigCommerce and the rest. What is a good way to do it? Any help?

Admin: Please move this post to eCommerce topics.