PCI Compliance + Barclaycard PDQ + v7

    #16
    Originally posted by leehack
    I still think you have the wrong angle of looking at this, it's about your payment processing more than your hosting. UNcompliant hosting + compliant PSP is fine. You have the option for pre-auth with PSPs, I think this is going to become the law to use in the future, so you are only taking money when shipping the products.

    The days of your own padlock and downloading orders onto your PC to process manually are finished and rightly so. 50% of site owners can still not grasp taking a snapshot each day and storing it safely, how on earth can we put these people in charge of 1000's of credit card details? More important than that, if their system gets robbed, they present a thief with 1000's of card numbers and addresses AND they have no backup records of the sales most of the time.

    Some Actinic users are seriously walking a tight rope, the quicker they are forced to protect things properly, the better. There is a big case with a huge compensation claim just waiting around the corner for someone at the moment, once it happens, everyone will run round like headless chickens getting a PSP.
    Lee,

    Thanks for your comments. Having delved into this, we are now a lot clearer about it than we were, and we were not prepared to go "self certification", hence the paying of SecurityMetrics to check out our vulnerability. We will take your advice and update to v9, and hopefully will then be able to use Actinic as the PSP provider.

    Having my credit card cloned, when purchasing petrol at a garage, I realise what can happen also.

    Again thanks.

    Shirley



      #17
      PCI is a bit like the credit crunch we are seeing at the moment. People like up and I have been warning about it for a couple of years, but it's now here and there is a panic. Actinic Payments can be seen a bit like the Bank of England trying to pull us all out of the crisis.

      Still, Actinic is coping better than a lot of other ecommerce software at the moment. I can see an awful lot of sites having to close down, and perhaps for once Actinic are one step ahead of the game.



        #18
        Mal,

        Thanks again for your comment. I realise that now. Hopefully it will all work out in the end. Even shops with websites must be having problems also with this PCI compliance. I would like to know of one company that has passed the Compliance test!!!

        Shirley



          #19
          Several points

          1 level 4 self cert is a lot easier to achieve than jumping through loops with Security Metrics

          2 using a PSP means they have to show compliance and not you, see other threads on PCI to see this discussed

          3 Actinic with SSL or shared SSL is not compliant, not because of security of encryption but more because of procedures; PCI is all about procedures

          4 pinbrook dedicated servers are managed, thus to run a site on one of our DS does not require any tech knowledge; you get the same control panel as shared hosting (we manage the server)

          5 Actinic Payments has been incorporated into 8.5.3, due for release very soon (today, tomorrow), and v9, and does allow things like taking payment on shipping, not on ordering. AP has been written with PCI in mind and replaces Actinic shared SSL and using SSL on its own



            #20
            Jo, don't you get tired of posting this info all the time? IMO Chris should make a statement similar to your last post a sticky so we can avoid any more threads like this.



              #21
              Originally posted by pinbrook
              Several points

              1 level 4 self cert is a lot easier to achieve than jumping through loops with Security Metrics

              2 using a PSP means they have to show compliance and not you, see other threads on PCI to see this discussed

              3 Actinic with SSL or shared SSL is not compliant, not because of security of encryption but more because of procedures; PCI is all about procedures

              4 pinbrook dedicated servers are managed, thus to run a site on one of our DS does not require any tech knowledge; you get the same control panel as shared hosting (we manage the server)

              5 Actinic Payments has been incorporated into 8.5.3, due for release very soon (today, tomorrow), and v9, and does allow things like taking payment on shipping, not on ordering. AP has been written with PCI in mind and replaces Actinic shared SSL and using SSL on its own
              Thanks Jo,

              I feel more confident now and understand a lot more, and would like to thank Lee, Mal and yourself for all your help. We will update to v9 and go to Actinic Payments when they are ready.

              Kind regards

              Shirley



                #22
                It's a big boat and we are all in it, so don't panic, as I don't think the PCI police will be banging on your door anytime soon. It's a bit like DDR: there is a £5000 fine for not being compliant for that as well, but not many people worry about that even when most sites fail.



                  #23
                  Jo, don't you get tired of posting this info all the time? IMO Chris should make a statement similar to your last post a sticky so we can avoid any more threads like this.
                  I'm used to repeating myself - I do it all the time at home
