Build a PCI-compliant store with ProductCart, a PA-DSS validated shopping cart
PCI compliance, PA-DSS validated ecommerce applications, and our shopping carts
PA-DSS validated shopping cart
To build a PCI-compliant store you must either use PA-DSS validated ecommerce software or pay a consultant to validate your shopping cart software for you, which can be very expensive.
ProductCart has been PA-DSS validated, so by using ProductCart you are taking a major step toward running a PCI-compliant ecommerce business. PA-DSS stands for Payment Application Data Security Standards. ProductCart is officially listed on the PCI Web site as a validated application.
About PCI compliance
Compliance with the Payment Card Industry (PCI) cardholder data security standards is a requirement for all Internet merchants.
It makes sense. All Web stores should adhere to a common set of security measures to protect everyone's confidential information.
When you use an e-commerce application, the way for you to know whether it adheres to the PCI Security Standards is to find out whether it has been validated as a secure payment application (PA-DSS program).
Frequently Asked Questions
We know that this is a somewhat confusing topic. Here you will find answers to frequently asked questions about PCI compliance, ProductCart, and how your ProductCart-powered store can be in PCI compliance. We hope they help!
Can my ProductCart-powered store be PCI compliant?
Yes, ProductCart v4 is PA-DSS validated. This means that it has been audited and verified to be compliant with the strict requirements of the Payment Application Data Security Standards (PA-DSS).
This, however, does not mean automatic PCI compliance. ProductCart is only one element of your e-commerce business, and other elements of your business (e.g. your Web hosting environment, your payment gateway, your own internal payment data handling practices, etc.) must be compliant as well.
What should I do to obtain a certificate that says that my store is compliant?
You need to sign up for PCI compliance testing with one of the many vendors that offer this service. We have partnered with McAfee, one of the leaders in the field, to offer you FREE PCI compliance testing.
Can software like ProductCart automatically grant PCI compliance?
No, a software application like ProductCart cannot by itself grant a Web store that uses it the status of "PCI Compliant". That's because PCI compliance refers to the entire ecommerce system that powers your store, including your Web hosting environment and the payment gateway used for credit card processing. However, the fact that ProductCart is PA-DSS approved represents a big step towards demonstrating that you are compliant.
The PCI compliance testing service that you sign up with will ask you questions about your entire ecommerce system (e.g. where you are hosted, which payment gateway you are using, etc.).
Will NetSource Commerce assist me in my PCI compliance testing?
No, the PCI compliance testing provider that you sign up with will provide customer service throughout the process. What we have done is to certify ProductCart v4 through the PA-DSS program, as mentioned above. The fact that you are using a PA-DSS certified shopping cart system represents a major step towards PCI compliance.
What if I don't use a PA-DSS validated application?
It will be more difficult for you to complete the PCI Compliance self-assessment questionnaire as you can't prove that the ecommerce software that you are using on your Web store complies with the Data Security Standards set by the PCI Council. To do that, you will have to hire a company that has been certified to perform that assessment. In our experience, those engagements can cost more than $10,000.
So... what's next?
- Are you looking for a shopping cart?
Consider using ProductCart, which has been officially PA-DSS validated.
- Are you already using ProductCart?
Upgrade your ProductCart-powered store to ProductCart v4. Enroll in the ProductCart Support & Updates Plan to obtain the v4 Upgrade (free under the plan).
- More documentation about ProductCart, PA-DSS, and PCI compliance, including the PA-DSS Implementation Guide for ProductCart users.
- McAfee® PCI Compliance Service is a simplified, easy-to-use system that enables Level 2-4 merchants to successfully satisfy PCI DSS compliance requirements. You also have the opportunity to sign up for McAfee Secure, which is proven to help you increase sales!