Magento Development - Options You Have To Become Pci Compliant

By Author: aarifaharvey
Total Articles: 2
Comment this article

PCI compliance would mean compliance with international security standards related to the development, storage, dissemination and implementation of account data protection policies. A common concern among sellers using Magento Community Edition for Magento development to manage their online store is whether they are eligible to achieve PCI compliance. There are many misguiding answers to this which are far from the reality which is yes PCI compliance can be had even by sellers using Magento community edition.

If you are using Magento development then there are few ways through which you can be PCI compliant, however this would mean you will have to change a few things related to the method of handling your credit card processes. While comparing Magento community edition with Magento professional or Enterprise it is important to note that they themselves are not PA-DSS certified, but only the Payment Bridge where all the credit card processing takes place is PA-DSS certified. Since the payment bridge is not available for community edition a Magento developer using it should think of other ways to gain PCI compliance.

The ...
... best and most cost effective method to ensure that your Magento development technique for storing credit card details is PCI certified is to use hosted payment methods like authorizenet SIM, paypal express, cybersource hosted order page etc. By using this you will be processing and completing all credit card transactions on host server. Alternatively a Magento developer can also use SaaS PCI compliant payment application which can put you out of PCI scope as here again the processing will happen on someone else's server which is already PCI certified. An advantage of SaaS PCI compliant payment application is that it supports 4 major payment gateways namely Paypal, Chase Paymentech, Authorize.net and Payleap. Hence there will be fewer chances that you will be required to change your current merchant service provider.

A little expensive method to make Magento development even more effective is to use PA-DSS compliant Magento payment Bridge software solution which can lead you out of the PCI scope. It is complementary with the Magento Professional and Enterprise edition. But if you are already using the community version then also you do not have to worry as it can be upgraded to include the payment bridge.

For PCI compliant Magento hosting some technical requirements need to be fulfilled for the website. Also two more secure and separate servers (web + db) from the store are required. It flawlessly supports major gateways like paypal direct (us & uk), authorize.net and payflow pro. Integration of the payment form from the MPB server and lodging the same into an IFRAME into Magento checkout ensures seamless user experience.

Which PCI compliance criteria will apply for a merchant using Magento development techniques will depend on the level of the merchant ranging between level 1 and 4. For level 1 merchant with over 6 million transactions it becomes imperative to have a custom solution and the whole system be verified for PCI assessment. The process differs greatly for businesses with over 20000 transactions a year. They can get away with as little as a quarterly scan of the server and an annual SAQ (self assessment questionnaire). The process becomes even simpler for sellers using McAfee with access to their certification service and PCI scan.

Magento development a company renowned for its Magento development services and its Magento developers offers effective solutions for PCI compliance at the most competitive rates.