These support forums are now closed for new topics and comments.
Please head on over to http://eureka.ucommerce.net/ for support.

  • Justin Grimm 56 posts 138 karma points
    Oct 11, 2010 @ 21:36
    Justin Grimm
    0

    PCI Compliance and Compatibility

    Interested in possibly purchasing a pro license of uCommerce, but can't find any data on whether or not the software is fully PCI compliant.

    Also concerned about its compatibility with Umbraco's 4.5.2 release.

    Thanks,
    Justin

  • Søren Spelling Lund 1797 posts 2786 karma points
    Oct 12, 2010 @ 09:46
    Søren Spelling Lund
    0

    Hi Justin,

    uCommerce doesn't handle any sensitive payment information at all. The integration model we use with payment processors puts that sort of information exclusively on their server, so PCI compliance is up to the payment processor instead of the app itself and indeed the hosting facilities it's placed in.

    If you go ahead and store sensitive information anyway you can use the standard .NET encryption libraries to secure your information.

    uCommerce is compatible with both 4.0 and 4.5. All testing is done using both Umbraco 4.0.4.2 (latest 4.0 before moving to 4.5) and the latest 4.5 release (4.5.2 as of writing this).

    Hope this helps.

  • Justin Grimm 56 posts 138 karma points
    Oct 12, 2010 @ 16:08
    Justin Grimm
    0

    That does help, thanks Soren!

  • e 23 posts 42 karma points
    Nov 07, 2011 @ 16:36
    e
    0

    Soren,

    Would you be able to expand on that a bit?

    Is the form that gathers credit card data hosted off site entirely? From my understanding of PCI compliance, even if the credit card information is simply gathered on a form running on our website but is then passed on to someone else for processing, the website DOES have a level of PCI compliance to adhere to.

    Even without storing the information, the gathering and passing of the information has to satisfy some guidelines, and I was hoping you could fill in some details on how/where credit card information is gathered, and how it is posted to a credit card processor.

  • Søren Spelling Lund 1797 posts 2786 karma points
    Nov 07, 2011 @ 16:43
    Søren Spelling Lund
    0

    Hello,

    The payment forms are hosted on the payment gateway servers, i.e. no credit card information is ever entered on your server. Of course this is only true for the built-in payment providers. You can still build your own payment forms in which case you would have to encrypt the information locally and observe PCI requirements.

  • e 23 posts 42 karma points
    Nov 07, 2011 @ 17:34
    e
    0

    Thanks for the quick reply, a hosted payment form was what I was hoping to hear!
