PCI Compliance
Wasn't real sure where to put this thread, so I stuck it here.
How are you all making sure your sites are PCI complaint? One of my clients is getting letters from his account provider (what do you call the company who gives you a merchant account--I really don't know). They want him to run scans to make sure his site is PCI compliant.
Thing is...I thought that as long as your site uses SSL, and you don't record or keep CC information, that even vulnerabilities would not make him non-compliant.
What's more, If there are vulnerabilities, I'm not sure how he'll be able to fix them since he's using an Open Source shopping cart, and searching the support forums for that software doesn't turn up anything about being PCI compliant.
Is this a problem for anyone else?
How are you all making sure your sites are PCI complaint? One of my clients is getting letters from his account provider (what do you call the company who gives you a merchant account--I really don't know). They want him to run scans to make sure his site is PCI compliant.
Thing is...I thought that as long as your site uses SSL, and you don't record or keep CC information, that even vulnerabilities would not make him non-compliant.
What's more, If there are vulnerabilities, I'm not sure how he'll be able to fix them since he's using an Open Source shopping cart, and searching the support forums for that software doesn't turn up anything about being PCI compliant.
Is this a problem for anyone else?