VP-ASP :: Shopping Cart Software

Shopping Cart Software Solutions for anywhere in the World

US/Canada(Toll Free): +1 888 587 2278
Europe/UK: +44 (020) 7193 9408
Australia/New Zealand: +61 3 9016 4497

PCI Compliance

VPASP is now PCI Compliant for extra security

What is PCI Compliance and why is it so important?

Having PCI Compliance (Payment Card Industry Compliance) is already a critical requirement for most businesses planning to trade online. In the future it may also become mandatory for all online businesses to have PCI Certification. This is why it is crucial to ensure that your shopping cart software can comply with the standards both now and into the future.

Put simply PCI Compliance is a certificate issued to your business by a security auditor. This PCI auditor looks at your website, shopping cart and hosting service to determine if you are dealing with personal and credit card information appropriately. If you are then the certificate is issued and you are PCI Compliant.

This compliance certificate is used as evidence to your customers, gateway provider and even your bank that your online store is secure.

For most merchants a self assessment is all you will need to do. if you are tkaing over a certain amount of orders then you may need have someone physically audit your site which is a much more expensive proposition.

To ensure your store is PCI Compliant you need to use a PCI Certified gateway. We provide integration to over 200 different payment gateway providers around the world.

Do I need PCI Certification?

Having PCI Certification is advisable in most circumstances but it can take some time and effort to arrange. That's why it's a good idea to find out if it is mandatory for your business.

You DON'T need PCI Certification if:

  • You are not taking credit card orders on your site

You MUST have PCI Certification if:

  • You are taking credit card orders on your site

How do I get PCI Certification?

The Simple Solution: Hosted Gateways
The easiest way to obtain PCI Certification is to utilise a hosted gateway service such as PayPal, SecurePay Directpay or Authorise.net DPM. When you use a hosted gateway your website does not receive any customer credit card information and this data is, instead, handled by your provider's website. At the moment of payment your customer is sent to the provider's website to enter their details and then back to your website once the payment is complete.

By handling transactions in this way you can easily tick most of the PCI requirements in the audit document provided you are using a PCI certified payment gateway provider.

If using SecurePay Directpay or AuthorizeNet DPM your customers stay on your site throughout the entire checkout process but are able to leverage the secure PCI status of the gateway provider. When you use PayPal the customer is taken to the PayPal site to complete the order and are then returned to your site once payment has been made.

Click here for more information on PCI Compliance and hosted gateways
Click here for a download list of PCI Compatible Gateways

Use PCI Security Scanner Service by Trust Guard



We have partnered with TrustGuard to offer PCI scanning to our customers.

Having dealt with a variety of PCI Scanning Vendors, we can highly recommend TrustGuard to perform accurate and informative scans.

Click the link below to learn more about TrustGuard:
https://www.vpasp.com/virtprog/trustguard.htm

Integrated Gateways

We used to support allowing merchants to take credit cards directly on the merchants site but with the advent of PCI certification requirements have removed these options.

PCI Self Assessment Questionnaire

Part of gaining PCI Compliance usually involves a self-assessment questionnaire. To assist VP-ASP customers with answering this questionnaire we have created a guide. You can download this guide below.

Click here to download the PCI Self Assessment Guide

*Successful PCI Certification relies on multiple factors including hosting environment, business practices, configuration and payment gateway provider. Successful PCI compliant deployment of VP-ASP is the sole responsibility of the end user.