PCI Compliance and Self Hosted Carts

5 replies
I see too many people throwing up shops and just ignoring this issue.

Are Cart66 and WooCommerce the only self hosted cart solutions that can be PCI compliant at this time (using Mijireh)?

And with these two, do I also need to set up SSL? Most likely since customer data is being stored on the website, right? Who's best, Comodo?

Are hosted solutions like Ecwid and Bigcommerce just easier and cheaper in the long run? (and no need for an extra SSL)
#carts #compliance #hosted #pci
  • RichKent
    I don't think Bigcommerce and Ecwid are easier or cheaper. I've used Bigcommerce and I'm not a fan at all.

    Yes, you'll need SSL, plus you'll need a dedicated IP too. If you purchase a 'business' plan through Hostgator or someone similar, it includes the dedicated IP and SSL cert for around $10/month - that includes the hosting account too. You don't need to purchase the SSL from a 3rd party.

    Also, WooCommerce is incredibly easy to set up. They did a really good job. Personally I'd stick with WooCommerce, as there are lots of extensions available for it with more being developed all the time. That, and there are lots of theme designers that are designing for WooCommerce. Check Themeforest.net and there are at least 20 themes, with more being developed every week.
  • Ryan Taylor
    I agree that people are ignoring this issue, and we need safe hosting too. PCI compliant web hosting is a great solution, offering services validated against Payment Card Industry standards, so you feel safe and won't become a victim of theft.

    PCI hosting uses security tools and policies according to PCI standards. My suggestion is to get PCI hosting, because if you pay for dedicated servers, you will get priority help and support.
  • Dan Grossman
    Originally Posted by Perihelion:
        Most likely since customer data is being stored on the website, right?
    You're not talking about storing credit card numbers, are you?

    You can't do that without a minimum of two physical servers under your own direct control, and in-person audits of your business from a third-party PCI DSS auditing firm every year.

    Realistically, if you're asking these kinds of questions, you should not be taking payments on your own website under any circumstance. There is no way for you to be compliant with even the level 3 questionnaire at that level of technical knowledge. Use a 3rd party payment processor like PayPal or Stripe where the payment happens on another website -- a website of a company that knows how to do this securely.

    The cost of playing fast and loose with these questions is high. A single unreported loss of payment data as a result of your non-compliance with the PCI DSS requirements carries a fine from Visa of $500,000 per incident. Does your business have an extra half a million dollars?
    Signature
    Improvely: Built to track, test and optimize your marketing.

  • so11
    Hello,

    PCI compliance is a very complicated topic and extremely hard and costly to achieve and maintain.

    Even if you implement a PCI compliant solution (shopping cart), it does not mean that your business is PCI compliant. Your scope would be much larger than just your shopping cart. Your website, your hosting provider, your operational processes, etc. will have to be compliant.

    To avoid any headache with credit cards or any other payment solutions:

    1. Do not store any payment information
    2. Outsource (shopping cart) to a known provider.

    so11
    Signature
    www.groupesoloviev.com
    We help businesses manage cyber risk and compliance requirements.
  • dave_hermansen
    Your self-hosted cart is only half the battle. Getting your web hosting PCI compliant is a huge PITA! You're talking weeks and weeks of scanning and sending reports back and forth with your web host (and that's assuming you have a host that's even willing to help!). Believe me, I've done it before!

    I would highly recommend a hosted solution that's already PCI compliant like BigCommerce. The $24.95/month is certainly worth not having to think about PCI compliance and security issues. Self-hosted carts are dying off, so you'll likely be moving to a hosted solution if you go that route anyway. Save yourself the trouble and just go with one day 1!
    Signature
    BizSellers.com - The #1 place to buy & sell websites!
    We help sellers get the MAXIMUM amount for their websites and all buyers know that these sites are 100% vetted.