Hi,
I have a strange predicament.
I have recently completed designing an ecommerce website using Actinic Catalog V9, the site is up and running and orders are being taken.
Now, my client is using Security Metrics for PCI scanning. We previously used an earlier version of Actinic but decided to upgrade the program and website to be compliant with PCI scanning.
We are also using Actinic Payments for our PCI compliant secure payment system.
Now that the site is finished we had hoped that the full site (http for the main site and https for the payment section) would be PCI compliant, but we have found out that the normal hosted part of the site (I will refer to this as http) is not PCI compliant. I have spoken with Security Metrics (SM) about this, saying that this part of the site does not take any credit card details and that the payment section deals with all of this.
SM do not agree, as far as they are concerned the entire site must be PCI compliant (http and https).
I have asked our current hosting company about making their shared hosting PCI compliant and they are not interested; they keep on informing us to move to one of their dedicated hosting packages. This is simply not economical as the site does not take that amount of money each month and then be profitable.
I have spoken with Actinic about http hosting for the main part of the site and their hosting is also not PCI compliant (Actinic Payments is compliant).
So where am I to go?
Our hosting company won't help us, Actinic cannot either and SM still want the entire site to be PCI compliant.
I am lost, I am interested to know what others are doing about this, how do you become fully PCI compliant and profitable with a site that takes a handful of orders per month?