| LATEST NEWS |
| AspDotNetStorefront 7.1 and Visa PABP Compliance Information
UPDATE: June 4, 2008 - AspDotNetStorefront announces
the completion of VISA PABP 2008 recertification for
AspDotNetStorefront ML 7.1. We are one of the very few
shopping carts to have completed the Visa PABP 1.4 spec
certification. Click here to read the complete press release.
AspDotNetStorefront ML 7.1 is Visa Approved and PABP
Certified. If you choose a NON PABP approved shopping
cart platform, you may be unable to obtain a merchant
account starting sometime in 2008! Why take the risk?
With AspDotNetStorefront, you are choosing to use an
elite E-Commerce shopping cart platform that has been
certified through the Visa Payment Application Best
Practice (PABP) assessment. The certification process
confirmed, among other things, that our 7.1 release is
secure and does not retain full magnetic stripe data or
CVV2 data.
This elite designation confirms that our 7.1 release will not
prevent our customers, the e-commerce merchant, from
reaching compliance with the Payment Card Industry (PCI)
Data Security Standard. PCI is a set of very detailed
standards relating to all merchants or service providers that
store, process or transact credit card data.
For our developer customers, you will also know that you
are providing the best possible e-commerce platform for
your own customers, and can leverage off of the work that
we have put into the platform for you out of the box.
To use another shopping cart platform which is not PABP
approved, or even worse, an open-source cart with no
testing whatsoever, is to just place unnecessary risk on
your own business, or your customers.
This quote is direct from VISA:
Visa Announces New Payment Application Security Mandates,
October 23, 2007, Beginning January 1, 2008, Visa will
implement a series of mandates to eliminate the use of
non-secure payment applications from the Visa payment
system. These mandates require acquirers to ensure their
merchants and agents do not use payment applications
known to retain prohibited data elements and require the
use of payment applications that adhere to Visa's Payment
Application Best Practices (PABP). PABP-compliant
applications help merchants and agents mitigate
compromises, prevent storage of prohibited data and
support overall compliance with the Payment Card Industry
Data Security Standard (PCI DSS) and the Visa U.S.A. Inc.
Operating Regulations.
VISA MANDATES, OCTOBER 23, 2007
Payment Application Security Mandates
PCI Council Press Release
"These mark the first strongly worded, firm deadlines
promoted by Visa. Separately, the PCI Security Standards
Council recently assumed ownership of the PABP from Visa,
which further illustrates the importance of this initiative.
Merchants (and developers providing ecommerce solutions
for merchants) are either going to quickly adopt the PABP
as a cost of doing business, or, they're going to have to start
winding down their business. Good for AspDotNetStorefront
to be ahead of the competition."
Ryan McGowan,
Security Account Manager, Coalfire Systems, Inc.
(a certified PCI Consultancy & Assessor) |
| PCI TODAY |
Typically, PCI compliance is initially driven by the merchant's acquiring bank. As more of the large brick and mortar
retail merchants, and high visibility e-commerce merchants attain compliance or make significant progress towards
compliance, smaller and lesser known e-commerce merchants are beginning to get more attention. Today, these banks
are broadening their communication to the smaller e-commerce merchants, to ensure they address their current gaps
in compliance and work to resolve them. Currently, these banks are levying fines on merchants that do not get into
compliance by previously provided deadlines. Similarly, they are levying fines and penalties on merchants that are
compromised, which can quickly exceed one million dollars.
If you are still using an AspDotNetStorefront version prior to v7.1, we again strongly encourage you to update to the
latest build so you can take advantage of our PABP certification for your site.
AspDotNetStorefront, by virtue of our PABP certification, has partnered with longtime PCI assessor Coalfire Systems,
to develop a program aimed to assist our 7.1 clients in cost effectively attaining compliance. Coalfire Systems serves as
a one-stop shop for PCI, offering a host of services which drive merchants to compliance. Coalfire is an Approved
Scan Vendor (ASV), authorized to provide the required quarterly network scans. The quarterly network scans are a
cost effective way to ensure your payment card environment (PCE) is adequately protected. These quarterly scans
are a requirement for all merchants. Additionally, Coalfire provides cost-effective PCI compliance assessment and
consulting services, intended to assist merchants with completing the PCI Annual Self Assessment questionnaire,
a requirement for all Level 1-3 merchants and select Level 4 merchants.
MERCHANT PCI REQUIREMENTS
PCI Compliance is no longer optional, or just a "nice to have", when running an online commerce business.
Merchant validation to the PCI standard is determined by the number of transactions processed.
What's important to note, regardless of transaction volume, is that all merchants must be in compliance with PCI.
What differs, based on transaction volume, is the manner in which the merchant must attest to compliance.
For more information regarding PCI compliance, merchant level definitions and associated attestation requirements,
please note the below link:
http://usa.visa.com/merchants/risk_management/cisp_merchants.html
To download the complete Payment Card Industry Data Security Standard, please note the below link:
https://www.pcisecuritystandards.org/tech/download_the_pci_dss.htm |
| PABP REQUIRED FOR MERCHANT ACCOUNTS |
Additionally, many merchant account providers will NOT EVEN ISSUE MERCHANT ACCOUNTS now if you are not using a
PABP approved shopping cart system.
With AspDotNetStorefront, this PABP compliance is already done for you, so you have no need to worry.
If you are choosing an uncertified cart or want to use one of the "free" open source carts, beware, as you may be
unable to even get a merchant account starting sometime in 2008 for Internet-based card-not-present sales!
"Free" doesn't sound like much of a value if your business is shut down. |