PCI Compliance

  • Posts: 1
  • Thank you received: 0
11 years 6 months ago #102591

Hi,

I have looked over previous posts and could not find the information I need. I am looking into developing a new payment gateway into Hikashop and I am not sure if Hikashop is PCI compliant. I see that Authorize.net allows AIM (with cUrl and SSL), so I figure that either the Authorize.net module or Hikashop need to be PCI compliant. Is either/both PCI compliant?

I am basically looking to build the payment gateway inline with the shop (like Authorize.net -AIM), so the user is not redirected elsewhere, and I am wondering where the PCI compliance responsibility falls. On the module, shopping cart, or server?

Thanks in advance for the help!

-David

Please Log in or Create an account to join the conversation.

  • Posts: 26151
  • Thank you received: 4027
  • MODERATOR
11 years 6 months ago #102630

Hi,

It is a little mix. HikaShop have options to force SSL on the checkout but it role is quite limited about PCI compliance.
The server must have a SSL certificate if you want to receive credit card information, the server have to be secured too.
The plugin will read this data, use it for his purpose (communication with the payment service, like Authorize.net) and erase the data when finished.
HikaShop does not use or store this data. The software itself is secured and it have been audited by Compass Security AG.

Regards,

Jerome - Obsidev.com
HikaMarket & HikaSerial developer / HikaShop core dev team.

Also helping the HikaShop support team when having some time or couldn't sleep.
By the way, do not send me private message, use the "contact us" form instead.

Please Log in or Create an account to join the conversation.

Time to create page: 0.052 seconds
Powered by Kunena Forum