PCI Compliance and Compatibility
Interested in possibly purchasing a pro license of uCommerce. But can't find any data on whether or not the software is fully PCI Compliant or not.
Also concerned about its compatibility with Umbraco's 4.5.2 release.
Thanks,
Justin
Hi Justin,
uCommerce doesn't handle any sensitive payment information at all. The integration model we use with payment processors puts that sort of information exclusively on their server so PCI compliance is up to the payment processor instead of the app itself and indeed the hosting facilities it's placed in.
If you go ahead and store sensitive information anyway you can use the standard .NET encryption libraries to secure your information.
uCommerce is compatible with both 4.0 and 4.5. All testing is done using both Umbraco 4.0.4.2 (latest 4.0 before moving to 4.5) and the latest 4.5 release (4.5.2 as of writing this).
Hope this helps.
That does help, Thanks Soren!
Soren,
Would you be able to expand on that a bit?
Is the form that gathers credit card data hosted off site entirely? From my understanding of PCI compliance, even if the credit card information is simply gathered on a form running on our website but is then passed on to someone else for processing, the website DOES have a level of PCI compliance to adhere to.
Even without storing the information, the gathering and passing of the information has to satisfy some guidelines, and I was hoping you could fill in some details on how/where credit card information is gathered, and how it is posted to a credit card processor.
Hello,
The payment forms are hosted on the payment gateway servers, i.e. no credit card information is ever entered on your server. Of course this is only true for the built-in payment providers. You can still build your own payment forms in which case you would have to encrypt the information locally and observe PCI requirements.
Thanks for the quick reply, a hosted payment form was what I was hoping to hear!