As a first time user of Actinic business v10, could you please clarify some website security requirement queries I have?
As I've been developing my webstore I wanted to make it as secure as possible and I experimented with the SSL settings for checkout pages and customer login. As I'm a Fasthosts user, I quickly came across the well-reported issues (on this community), namely that you can't make this work with Fasthosts; you need to put the whole webstore on SSL (unless anyone knows different?).
However, if I decide to use a PSP such as SagePay, I believe there is actually no need to use SSL on my website at all, as that is provided by the PSP? No credit card details will be entered or recorded on my website; they will only be entered via the PSP's virtual terminal. Is that correct? Alternatively, if you do use SSL on your website to record customers' credit card details, does that immediately mean that you are responsible for becoming PCI-DSS compliant, and is this very expensive? Is that also correct?
What about the recording of customers' names and addresses for delivery purposes? Is it a requirement that they must be recorded using encrypted SSL? As a new user, I'm assuming that customers' names & addresses will be stored on my own computer/website and I will need to register as a data controller under the Data Protection Act 1998 annually, and it is a criminal offence not to register? Is that correct? The advice given on the Information Commissioner's Office website www.ico.gov.uk is that all customers' personal details (e.g. names & addresses) should be stored using encryption. Is that the normal practice for Actinic users? If so, doesn't that mean that SSL is essential for all webstores even if you use a secure PSP, as you will still be recording customers' names & addresses even if you don't store their credit card details?