With the new PCI-DSS deadline fast looming, now is a good time to double-check which shopping carts are ready and which carts are going to be penalised (and even cut off from some payment processors).
- Core Commerce – as of December 31 2009
- Volusion
- Pinnacle Cart – as of July 2010
- 3d Cart – as of February 26 2009
- 1ShoppingCart.com
- Yahoo! Stores – November 30 2009
- Shopify (nothing in the Visa documents yet, but I have verified it)
- Lemonstand can be made PCI compliant easily
- Interspire can be made PCI compliant
- BigCommerce – January 2011 (read "BigCommerce Is PCI Compliant")
Which Shopping Carts are not PCI Compliant?
- Leave us a comment if you find any – at the moment all the major carts seem up to date
Open source shopping carts and PCI compliance
- ZenCart payment modules are built to PABP compliance assuming no modifications are made to them
- XCart needs significant changes to be made PCI compliant; a default install (storing unmasked credit card details) is not and cannot be made PCI compliant
- osCommerce as a default installation is not and will not ever be PCI compliant; however, it can be made so with significant configuration and payment processor changes.

Shopify is PCI compliant? Really? Their video http://www.shopify.com/tour/ says “add ‘admin’ to the URL to get to the admin area.” Guess what, it is still http not https after that. (Too bad. They could have redirected to https even if they keep this “feature”).
0:23 provides URLs: it even lists the admin area as http.
0:33 is the part I recalled from memory.
https://www.pcisecuritystandards.org/pdfs/pci_ssc_quick_guide.pdf
Requirement 2 (2.3) Encrypt all non-console administrative access such as browser/Web-based management tools.
Great report many thanks. I like that you mention that SEO requires ongoing attention; too many individuals think that SEO involves a large total volume of effort and after that almost nothing more needs be accomplished!