ecommerce and pci pa-dss, is it legal to sell/distribute with out it? many o/s carts are not certified


1

There are many open source shopping carts that don't have any PCI compliance certification.

Is it legal to sell/distribute ecommerce related software that isn't compliant?

It makes no sense, since if the source code is modified in any way, you probably have to re-certify the software again correct?

Software Ecommerce

asked Oct 14 '10 at 23:43
Blank
Un Startup
162 points
Top agency to build award-winning mobile apps: Utility NYC

2 Answers


1

My understanding of PCI compliance is that the person handling the credit card personal info or storing it needs to be compliant (so paypal, google checkout, etc).

Do these open source shopping carts take a credit card number, and expect you to run the transaction through the credit card company yourself?

This link sort of gets to the point: http://selfservice.talisma.com/display/2n/index.aspx?c=58&cpc=MSdA03B2IfY15uvLEKtr40R5a5pV2lnCUb4i1Qj2q2g&cid=81&cat=&catURL=&r=0.644091963768005 It depends on if you "process, store or transmit payment cardholder data".

answered Oct 15 '10 at 00:01
Blank
Adam
205 points

0

My understanind is that PCI is from the credit card companies and so is a policy of use and not a legal / illegal thing.

answered Oct 27 '10 at 01:38
Blank
John Bogrand
2,210 points

Your Answer

  • Bold
  • Italic
  • • Bullets
  • 1. Numbers
  • Quote
Not the answer you're looking for? Ask your own question or browse other questions in these topics:

Software Ecommerce