We now offer McAfee PCI Compliance Service, a simplified and easy-to-use system that is optimized for Level 2, 3, and 4 merchants that need to successfully complete all requirements for PCI certification. Only $99/yr. – a 65% saving!
McAfee PCI Compliance Service is designed for Level 2-4 merchants that need to successfully and confidently complete the steps necessary for PCI certification. Originally developed for Visa International, the service includes automated state-of-the-art scanning, an online self-assessment questionnaire, McAfee Technical Assist (extensive technical support, such as vulnerability remediation assistance), and the PCI Wizard to help manage compliance activities. Tens of thousands of organizations around the world—from government agencies and online retailers, to nonprofits and manufacturers—trust McAfee to audit their initial and ongoing PCI compliance status.
The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data, and ensure their payment applications support compliance with the PCI DSS. Payment applications that are sold, distributed or licensed to third parties are subject to the PA-DSS requirements. In July of 2010 the standards will no longer be optional, but required for any payment application dealing with card holder data. Simply put, if a merchant is not running a PA DSS-validated application after the deadline, they will automatically fail their PCI assessment.
In July of next year, new merchants that apply to get a merchant account will have to show the bank, as one of the steps to getting the account, that they are using a PA DSS certified shopping cart. Currently the only place that will have the verified list is the Visa website. If the cart they are using isn’t certified, the store owner will not be able to get a merchant account. Increasingly, merchants are getting letters about compliance and it will ultimately lead to much higher fees for those on an uncertified platform and, we believe, ultimately to the cancellation of services if an approved platform isn’t adopted.
We are in the final stages of being certified and our 3.7 release will be our first PA DSS certified release. We are trying to be on the leading edge of the education process for our industry and it is very clear there is a lack of understanding and a ton of misinformation out there. I have personally been sending in requests to cart companies asking about PA DSS certification. My question is simply – are you currently, or in the process of becoming PA DSS certified for your shopping cart? Here are a couple of responses.
“It does not need to be. The server is the portion that needs the certification as the cart does not handle the CC information but hands it off to a payment gateway.”
Here’s another – “PA DSS software vendor – I am 99% sure this is for your quarterly network scans which need to take place. We use McAfee which are qualified.”
I have more but all of them are patently false answers. Unless you are only using a payment product like PayPal standard where the card holder data isn’t touched by the application, you should be using a PA-DSS certified application. We are seeing an increase in this type of offering from the gateway companies but these pages aren’t on the client’s website and that simple change guarantees a decrease in sale conversions. I will write a separate post on this topic in the coming weeks.
It’s important to understand that at the time of this posting, no open source or “free” application has announced any intent of certifying their applications for PA-DSS. In fact, Magento has clearly stated on their site they WILL NOT be certifying their community application and are encouraging customers to move up to their $10,000 enterprise level application to reach certification. This, of course, puts many merchants in a bad situation. We are in the process of working with a number of vendors who will assist clients in moving from these non-compliant applications into Pinnacle Cart.
Undoubtedly, the changes in our industry will create considerable consolidation. By and large the shopping cart industry has been considered a cottage industry made up of hundreds of companies with just 2-3 people. The tens of thousands of dollars that must be invested and the changes to the software product will be too much for many to withstand.
As part of our effort to educate the industry, we will have a booth at the Hosting Con Tradeshow in Washington D.C., next month and I will be part of a panel speaking on this topic. Hope to see some of you at the convention or at our booth #343.
Feel free to give me a call or drop me an email to discuss further.
Mike Auger
Craig Fox, our Founder and VP of Product Development, was recently invited to provide some insight into PA-DSS / PCI compliance and its effects in the ecommerce industry for The Web Host Industry Review, better known as The WHIR. Here are some snippets from the article:
“We’ve completed that compliance ring – what we call the remediation process – with our QSA,” says Craig Fox, VP of product development at e-commerce software firm Pinnacle Cart. “Everything seems to be coming clean.” According to Fox, the total initial cost associated with certification for Pinnacle Cart is likely to be in the range of $20,000 to $30,000 – a manageable cost of doing business, and not something the company intends to pass on to its customers in the form of a price increase, but by no means an insignificant sum of money.
We know the survey may have been a surprise to many of you who have been waiting on a new beta version on a new platform. I would like to take a few minutes to explain where we are and the direction of the company.
Many of you have recently completed a survey we sent you relating to feature sets for a new version of our shopping cart software.
At the end of last year we were in the process of developing a new platform for Pinnacle Cart that would take us into the next decade. As we began developing the product we also began to understand the challenges and opportunities associated with PA DSS (Payment Application Data Security Standard). Visa and MasterCard will begin to enforce this new standard on all shopping carts and any payment application that accepts credit cards in July of 2010. In a nutshell, as a small business owner, this is another requirement for you to be PCI compliant.
Certification is an expensive and time-consuming process as we work with a 3rd party QSA recommended by Visa/MC. In addition, our company will have to absorb this expense every time we come out with a significant change to our software. We are making every effort to not pass this expense along to our customers and have been able to keep that goal to date by not increasing the cost of the software. But as you can probably imagine it has forced us to change the way we look at development and releases. The great news for you is Pinnacle Cart will be a leader in PA DSS certification and education.
We have made a major decision to delay the release of 4.0 and certify “Pinnacle Cart 3.7 PA DSS.” Of course, by default, it will also mean that 4.0 will also be certified when it is released. The survey you received some time back will go a long way to defining some of the features associated with 3.7. Many of the features are in the process of being built or already have been built and Craig will have a post about the feature set and the timeline to release. This was a difficult decision as we are very excited about getting to the new platform. The funny thing about the new platform is that it actually IS the reason we decided to come out with an interim release. A new platform undoubtedly creates challenges for upgrades. Though we will provide documentation, a path to upgrade and continue to offer services to assist in the upgrade, there will still be work to do. On the other hand, if you are on a 3.4, 3.5 or 3.6 series cart, upgrading to a 3.7 cart is quite easy. Combined, it was obvious we needed to certify a new release for older clients who now must upgrade to 3.7 to have a PA DSS certified shopping cart. Providing choices for our customers has been a cornerstone of our business and this is a great example of changing our direction to better serve our entire customer base.
We are excited and look forward to a summer release of 3.7 and a substantial new feature set.
Mike Auger