Post by larrell » Wed May 16, 2018 7:30 am

Totally new to OpenCart and would like to know if the 2.0 version of OpenCart is considered PCI compliant by today's standards? I see that there have been many updates since 2.0 was first released. Were there any updates that were made to meet PCI so that a 2.0 standard version cart would not meet the requirements today?
Thanks so much in advance!

Newbie

Joined: Wed May 16, 2018 7:25 am

Post by Johnathan » Thu May 17, 2018 5:40 am

PCI compliance is determined by the payment method you use. You're generally PCI compliant for the lowest level of compliance as long as card info doesn't touch your server, which is probably the goal for all stores using OpenCart. You should check with whatever payment method you are using, to make sure it doesn't store or send card data to your server.

For example, my payment extensions for Braintree, Square, and Stripe can store card info, but they do it using PCI-compliant methods where card data doesn't ever touch your servers. The card data is stored in the payment gateway's vault, and you access it by using a tokenized version of the card, or a customer ID value that has the card tied to it. Most of the gateways have documents to help you assess PCI compliance, but as long as you're not doing any custom coding yourself, you should be fine with one of my extensions.

If you're using the built-in OpenCart gateways, I believe they are all PCI compliant, though to varying degrees. For example, the built-in Authorize.net extension does POST the card data back to the server, which requires a higher level of PCI compliance than if card data never touches your server. I believe the built-in Square extension doesn't POST any card data to your server, but you may want to contact the OpenCart support team to ask them about that.

Administrator

Joined: Fri Dec 18, 2009 3:08 am


Post by thekrotek » Thu May 17, 2018 5:53 am

Johnathan wrote:
Thu May 17, 2018 5:40 am
PCI compliance is determined by the payment method you use. You're generally PCI compliant for the lowest level of compliance as long as card info doesn't touch your server, which is probably the goal for all stores using OpenCart. You should check with whatever payment method you are using, to make sure it doesn't store or send card data to your server.
Exactly. Like I said before, OpenCart has zero relation to PCI compliance, since it doesn't collect any vital info on the payer.

Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com


Expert Member

Joined: Sun Jul 03, 2016 12:24 am
