Post by larrell » Wed May 16, 2018 7:30 am

Totally new to open cart and would like to know if the 2.0 version of opencart is considered PCI compliant by todays standards? I see that there have been many updates since 2.0 was first released. Were there any updates that were made to meet pci so that a 2.0 standard version cart would not meet the requirements today?
Thanks so much in advance!

Newbie

Posts

Joined
Wed May 16, 2018 7:25 am

Post by Johnathan » Thu May 17, 2018 5:40 am

PCI compliance is determined by the payment method you use. You're generally PCI compliant for lowest level of compliance as long as card info doesn't touch your server, which is probably the goal for all stores using OpenCart. You should check with whatever payment method you are using, to make sure it doesn't store or send card data to your server.

For example, my payment extensions for Braintree, Square, and Stripe can store card info, but they do it using PCI-compliant methods where card data doesn't ever touch your servers. The card data is stored in the payment gateway's vault, and you access it by using a tokenized version of the card, or a customer ID value that has the card tied to it. Most of the gateways have documents to help you assess PCI compliance, but as long as you're not doing any custom coding yourself, you should be fine with one of my extensions.

If you're using the built-in OpenCart gateways, I believe they are all PCI compliant, though to varying degrees. For example, the built-in Authorize.net extension does POST the card data back to the server, which requires a higher level of PCI compliance than if card data never touches your server. I believe the built-in Square extension doesn't POST any card data to your server, but you may want to contact the OpenCart support team to ask them about that.

Image
Image Image Image Image Image Image


User avatar
Global Moderator

Posts

Joined
Fri Dec 18, 2009 3:08 am


Post by thekrotek » Thu May 17, 2018 5:53 am

Johnathan wrote:
Thu May 17, 2018 5:40 am
PCI compliance is determined by the payment method you use. You're generally PCI compliant for lowest level of compliance as long as card info doesn't touch your server, which is probably the goal for all stores using OpenCart. You should check with whatever payment method you are using, to make sure it doesn't store or send card data to your server.
Exactly. Like I said before, OpenCart has zero relation to PCI compliance, since it doesn't collect any vital info on payer.

Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com


User avatar
Active Member

Posts

Joined
Sun Jul 03, 2016 12:24 am

Who is online

Users browsing this forum: zzzzzz2 and 19 guests