PCI DSS 4.0 External Compliance Scan


    [Image: 2025-11-03_11-08-49 - PCI-DSS Fail.png]

    The "fail" has finally hit us...

    Sadge.



      I've failed for years thanks to sd hosting
      https://www.harrisontelescopes.co.uk/

      Ed Harrison - Menmuir Scotland



        Have you tried scanning the site's origin IP address, not the domain, especially if behind CloudFlare (and you'll probably not pass scans unless you're behind CloudFlare)?
        Many Thanks
        Lee
        www.mdnsupplies.co.uk
        www.hookandloopfasteners.co.uk



          Using Cloudflare has reduced the number of failures... only 1 remains... HttpOnly/Secure

          Support said this:

          Our code is manipulating cookies both in the JavaScript code (running in the browser) and in the Perl code (running on the server). We made a change in 2022 to set the SameSite attribute to ‘Lax’ to avoid warnings in some browsers.

          The problem with the ‘HttpOnly’ attribute is that it means that the cookie would become inaccessible to the JavaScript code, which would break functionality, e.g. the cart, recent products etc. which rely on cookies.
          I have not managed to find a solution to this.
          I have not tried to raise a false positive on this as it's highly likely it will fail - let me know if anyone has done this and succeeded, I will certainly give that a go.

          I raised a point that Sellerdeck is not PCI-DSS compliant... response:

          Sellerdeck has never professed that the software is PCI-DSS compliant. It does not inherently need to be PCI DSS compliant; it is the responsibility of the software user to be PCI-DSS compliant if they process payments on their website. This has been achieved in the past by using compliant payment service providers.

          Sellerdeck as a business cannot advise you about how to be compliant as we are not PCI-DSS experts. You would need to do your own due diligence to ensure that the requirement is met for your company.
          No point in ClearAccept's SellerdeckPay being compliant when the actual Sellerdeck Platform itself isn't.

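As an added illustration that is not Sellerdeck's code or anyone's in this thread: the remaining scan item in the post above ("HttpOnly/Secure") covers two independent cookie attributes, and a cookie that browser JavaScript must read can still carry Secure and SameSite. The Python below audits constructed Set-Cookie headers the way an external scan reports them and hardens the ones that fall short; the cookie names and the `js_readable` set are assumptions.

```python
# Added example (not Sellerdeck's code): audit Set-Cookie headers the way an
# external compliance scan flags them, then harden those that fall short.
# HttpOnly and Secure are independent. A cookie that browser-side JavaScript
# must read (cart, recent products) cannot be HttpOnly, but it can still be
# Secure and carry SameSite. All cookie names below are constructed.
from dataclasses import dataclass

CANON = {"path": "Path", "domain": "Domain", "expires": "Expires", "max-age": "Max-Age",
         "secure": "Secure", "httponly": "HttpOnly", "samesite": "SameSite"}

@dataclass
class Finding:
    name: str
    missing: list      # attribute names the cookie lacks
    js_required: bool  # True when the cookie must stay readable by JavaScript

def parse_set_cookie(header):
    """Split one Set-Cookie header into name, value and lower-cased attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}

def audit_cookies(headers, js_readable=frozenset()):
    """One Finding per cookie missing Secure, SameSite or HttpOnly; HttpOnly is
    only demanded of cookies JavaScript does not need (the scanner caveat)."""
    findings = []
    for h in headers:
        c = parse_set_cookie(h)
        a, js = c["attrs"], c["name"] in js_readable
        missing = [n for n, ok in (("Secure", "secure" in a),
                                   ("HttpOnly", "httponly" in a or js),
                                   ("SameSite", "samesite" in a)) if not ok]
        if a.get("samesite", "").lower() == "none" and "secure" not in a:
            missing.append("SameSite=None requires Secure")  # browsers reject it otherwise
        if missing:
            findings.append(Finding(c["name"], missing, js))
    return findings

def harden(header, js_required=False):
    """Rewrite a Set-Cookie header adding the missing attributes; HttpOnly is
    left off only when the cookie must remain readable by JavaScript."""
    c = parse_set_cookie(header)
    attrs = dict(c["attrs"])
    attrs.setdefault("secure", "")
    attrs.setdefault("samesite", "Lax")
    if not js_required:
        attrs.setdefault("httponly", "")
    rendered = [f"{CANON.get(k, k)}={v}" if v else CANON.get(k, k) for k, v in attrs.items()]
    return "; ".join([f'{c["name"]}={c["value"]}'] + rendered)

# Constructed sample of what a storefront might send (one already compliant).
SAMPLE_HEADERS = ["CART=abc123; Path=/; SameSite=Lax",                      # JS needs it; lacks Secure
                  "SESSIONID=xyz; Path=/; Secure; HttpOnly; SameSite=Lax",  # fine as is
                  "RECENT=1,2,3; Path=/"]                                   # lacks Secure and SameSite
JS_READABLE = frozenset({"CART", "RECENT"})
```

Running `audit_cookies(SAMPLE_HEADERS, JS_READABLE)` reports CART and RECENT only; `harden` on each adds Secure and SameSite=Lax while leaving the JavaScript-readable ones without HttpOnly.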


            I had the same response when I asked them the question as to why Sellerdeck and their hosting weren't compliant. Three years of fails for me.
            https://www.harrisontelescopes.co.uk/

            Ed Harrison - Menmuir Scotland



              Just wondering...

              We're only getting these nags on compliance from "worldline-pciportal.com"
              - I guess because the ClearAccept is using merchant id from worldline

              Paypal has never sent us anything on this matter.
              If we just stopped using SellerdeckPay, we'd get no more nagging from worldline(?) - seems crazy.

              I know we have to be compliant and we've done so many tweaks in securing the site (had over 100+ fails this time, but now only failing on 1 problem)

              I don't know what the punishment from worldline is when a site is not compliant.
