Author |
Topic |
|
hpride
Starting Member
11 Posts |
Posted - October 27 2010 : 22:15:32
|
Recently I completed our PCI DSS compliance after signing up with Comodo and it turns out we didn't actually need to scan our websites for vulnerabilities because all our card processing for our web sites is done on our banks servers (the ANZ eGate payment gateway add on). I asked the representative at ANZ, who handles PCI compliance, if we still needed SSL certificates, to which he said no. He said we only needed an SSL certificate to handle sensitive information (credit cards, passwords, birthdays etc) which confirmed what I had originally thought...
Why won't our site process orders without SSL certificates if the security of the transaction is provided by ANZ?
I'd appreciate if anyone knows the logic behind this.
Anthony |
|
diegomilito
VP-CART Expert
Argentina
779 Posts |
Posted - October 28 2010 : 02:46:46
|
you need the SSL (secure layer) in your site to secure the customer entered card numbers, etc.. to pass to ANZ egate. if you do not have SSL, the customer's private infomation can be stolen in the middle before send to the ANZ egate.
Diego.
|
|
|
hpride
Starting Member
11 Posts |
Posted - October 28 2010 : 18:05:36
|
Hi Diego
Thanks for your comment. However the credit card details are not "passed" to ANZ. The credit card details are entered on ANZ's eGate payment screen, after the redirection. Then the only information that's passed back to our site is a confirmation of success or failure, with a successful transaction having a transaction ID and approval number.
I wouldn't call that sensitive information.
Anthony |
|
|
support
Administrator
4679 Posts |
Posted - October 29 2010 : 00:46:29
|
Hi Anthony,
Is your site actually not working or have you been told you need SSL for the gateway?
If you have been told you need SSL then this is possibly not correct but is dependent on the gateway itself. Some gateways demand that the site itself for some reason be covered by SSL as well even though no data is transferred.
If not working then it may be an idea to submit a ticket into our helpdesk so our support team can investigate for you.
Thank you.
Cam Flanigan VP-ASP Cart Support
Follow us on Twitter: http://www.twitter.com/vpasp |
|
|
|
Topic |
|