Welcome, Guest ( Customer Panel | Login )




 All Forums
 VPCart Forum
 VP-ASP 6.50 Features and Facilities
 Will VP-ASP be Visa PABP certified?
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

mrprufrock
Starting Member

18 Posts

Posted - December 23 2008 :  16:26:14  Show Profile  Reply with Quote
I've recently learned that PCI compliant merchants will be required to use Visa certified payment applications (basically any program that handles credit card data) by July 2010. Is VP-ASP working on getting this certification?

http://usa.visa.com/download/merchants/payment_application_security_mandates.pdf

Obviously we and any other merchants won't be able to use it if it doesn't so I imagine this is high on VPASP's list?

support
Administrator

4679 Posts

Posted - December 23 2008 :  19:53:04  Show Profile  Visit support's Homepage  Reply with Quote
Hi there

Yes, PCI is extremely topical. We have only recently posted a PCI FAQ on our site.

You can see this at:
http://www.vpasp.com/virtprog/faq_pcicompliance.htm

Version 650 is PCI compliant out of the box if you use a hosted gateway.

Version 700 will be PADSS certified for both hosted and integrated gateways.

Hope this covers what you need.

Thanks
Cam

VPASP Support
Go to Top of Page

mrprufrock
Starting Member

18 Posts

Posted - December 31 2008 :  11:31:19  Show Profile  Reply with Quote
Hi, we don't use a hosted gateway currently. What we do is export the CC data daily from the VP-ASP shopping cart and import it into our order management software. Is this what you mean by integrated?

So is it safe to assume that we must upgrade to v7 in order to maintain compliance by July 2010 assuming we continue operating as we do?

Thanks!
Go to Top of Page

support
Administrator

4679 Posts

Posted - December 31 2008 :  22:01:58  Show Profile  Visit support's Homepage  Reply with Quote
In this instance you will need to contact a PCI auditing company and your bank and check what your requirements are because you are storing card details on your site.

VPASP is not compliant for this and we do not actually recommend it for security reasons.

Version 700 will not allow the storage of card data at all by default.

You will be able to modify it to store card data of course as it is open source however our certification will be based on the fact that VPASP does not store card data.

If you use a payment gateway then our certification will be valid.

Thanks
Cam

VPASP Support
Go to Top of Page

mrprufrock
Starting Member

18 Posts

Posted - March 12 2009 :  19:50:49  Show Profile  Reply with Quote
Do you have a list of payment gateways that will be compatible with v700? This way I can delve into the features of each to understand how we might possibly never store cardholder data.
Go to Top of Page

support
Administrator

4679 Posts

Posted - March 12 2009 :  20:26:30  Show Profile  Visit support's Homepage  Reply with Quote
You can see a list of PCI Complaint gateways that we support at:

http://www.vpasp.com/sales/epdownload650.asp

Just filter the search so it only returns PCI compliant gateways

Thanks
Cam

VPASP Support
Go to Top of Page

mrprufrock
Starting Member

18 Posts

Posted - April 14 2009 :  15:59:41  Show Profile  Reply with Quote
Do you have an ETA on the v7 release? Will it be this year?
Go to Top of Page

support
Administrator

4679 Posts

Posted - April 20 2009 :  02:02:38  Show Profile  Visit support's Homepage  Reply with Quote
It certainly will be. We are looking to release version 700 in the coming months.

While we do not have a fixed date as yet, it has ended up being a much bigger development than originally planned as we are adding a huge number of changes, we will be announcing the exact date and the new fetaures shortly before we go live.

Thanks
Cam

VPASP SUpport
Go to Top of Page

mrprufrock
Starting Member

18 Posts

Posted - August 04 2009 :  12:47:26  Show Profile  Reply with Quote
I just spoke with our acquiring bank and they confirmed that July 2010 is the deadline for PA-DSS.

So in other words before July 2010 our small ecommerce company is supposed to upgrade a) its entire shopping cart (old VPASP) and years of customizations to an as-yet-unreleased version 7, and b) its entire back end order management software to an as-yet-unreleased PA-DSS compliant version, and b) all of its custom code, scripts, macros and reports used to interface and work with our existing shopping cart and order management software.

What's funny is they referred me to the official list of PA-DSS compliant applications and there are only three shopping carts on it as of today.
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000
0 Item(s)
$0.00