ecommerce and pci pa-dss, is it legal to sell/distribute without it? many o/s carts are not certified


There are many open source shopping carts that don't have any PCI compliance certification.

Is it legal to sell/distribute ecommerce related software that isn't compliant?

It makes no sense, since if the source code is modified in any way, you probably have to re-certify the software again, correct?

Software Ecommerce

asked Oct 14 '10 at 23:43
Un Startup
162 points

2 Answers


My understanding of PCI compliance is that the person handling the credit card personal info or storing it needs to be compliant (so paypal, google checkout, etc).

Do these open source shopping carts take a credit card number, and expect you to run the transaction through the credit card company yourself?

This link sort of gets to the point: It depends on if you "process, store or transmit payment cardholder data".

answered Oct 15 '10 at 00:01
205 points


My understanding is that PCI is from the credit card companies and so is a policy of use and not a legal / illegal thing.

answered Oct 27 '10 at 01:38
John Bogrand
2,210 points
