Page 1 of 1
billing address storage and pci
Posted: Thu Jan 06, 2011 1:11 pm
by ojjuan
It is my understanding that to achieve PCI Compliance of type C, no credit card information can be stored. From my research, this looks to include billing address.
Assuming this is true, is there an easy way to turn off billing address capture?
Re: billing address storage and pci
Posted: Tue Jan 11, 2011 10:34 am
by plugables
I am not a PCI expert but I would imagine storing billing address shouldn't be problem.
Re: billing address storage and pci
Posted: Tue Jan 11, 2011 12:30 pm
by mikek
If your business qualifies as Merchant Level 4 category you just need "PCI-DSS SAQ C" completed.
Mercahnt Level 4:
Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants -- regardless of acceptance channel -- processing up to 1M Visa transactions per year.
Disabling credit card storage and setting "Days To Save" to 0 from AbleCommerce admin would be enough for "SAQ C" compliance.
Administration > Configure > Security > General
Re: billing address storage and pci
Posted: Thu Jan 13, 2011 10:18 am
by ojjuan
Ok. Just curious then if this is the same interpretation that any other AC users have (for folks needing SAQ C compliance). Note, we have disabled credit card storage in the AC admin.
It seems that some online references to cardholder data include billing address, though it is not explicitly stated in the PCI requirements the scope of cardholder data.