Hi gang,
We are currently running a moderately customized AC 5.5 for ASP.NET with MySQL. With the PCI deadline coming we have to get compliant. My questions:
Is there much difference between accessing MySQL and MS SQL? Unfortunately 7 doesn't support MySQL.
How much difference is there in the table layouts between 5.5 and 7.0.4? Is it a change of a few concepts or an entire overhaul?
Has anyone been PCI certified with 5.5 or is it even possible?
Do you have *any* suggestions for us to make this happen as painlessly or quickly as possible?
Thanks for your help!
Jim Sewell - TrustedTours.com
Upgrading from 5.5 to the latest for PCI
- deverill
- Lieutenant (LT)
- Posts: 64
- Joined: Tue Jan 06, 2009 11:58 am
- Location: Key West, FL
- Contact:
Upgrading from 5.5 to the latest for PCI
Jim Sewell - Web Programmer
Trusted Tours & Attractions
Trusted Tours & Attractions
- Shopping Cart Admin
- AbleCommerce Admin
- Posts: 3055
- Joined: Mon Dec 01, 2003 8:41 pm
- Location: Vancouver, WA
- Contact:
Re: Upgrading from 5.5 to the latest for PCI
Hello Jim,
The tables have changed quite a bit from 5.5 to 7.0, but there are still many similarities. 5.5 would be difficult to PCI 'certify' even though it was PCI compliant with the first PCI 'specifications'. New requirements on data encryption of 3rd party integration passwords and such are not done in 5.5.
If you're NOT using a payment gateway which accepts the CC payment on your website directly then it's a non-issue. e.g. Paypal, Paypal express and Google checkout.
The tables have changed quite a bit from 5.5 to 7.0, but there are still many similarities. 5.5 would be difficult to PCI 'certify' even though it was PCI compliant with the first PCI 'specifications'. New requirements on data encryption of 3rd party integration passwords and such are not done in 5.5.
If you're NOT using a payment gateway which accepts the CC payment on your website directly then it's a non-issue. e.g. Paypal, Paypal express and Google checkout.
- deverill
- Lieutenant (LT)
- Posts: 64
- Joined: Tue Jan 06, 2009 11:58 am
- Location: Key West, FL
- Contact:
Re: Upgrading from 5.5 to the latest for PCI
Ah, so if we use a CC payment system that the customer logs in to *their* site to process the payment we would be pretty much free an clear of PCI? That's definitely sounding better!
Jim Sewell - Web Programmer
Trusted Tours & Attractions
Trusted Tours & Attractions
- Shopping Cart Admin
- AbleCommerce Admin
- Posts: 3055
- Joined: Mon Dec 01, 2003 8:41 pm
- Location: Vancouver, WA
- Contact:
Re: Upgrading from 5.5 to the latest for PCI
Hello Jim,
If your store doesn't accept the payment directly and the customer is re-directed to paypal/google for the payment collection, then PCI is a non-issue.
It could affect your conversion rate if your customers are used to processing their payment directly on your website.
If your store doesn't accept the payment directly and the customer is re-directed to paypal/google for the payment collection, then PCI is a non-issue.
It could affect your conversion rate if your customers are used to processing their payment directly on your website.
- deverill
- Lieutenant (LT)
- Posts: 64
- Joined: Tue Jan 06, 2009 11:58 am
- Location: Key West, FL
- Contact:
Re: Upgrading from 5.5 to the latest for PCI
Thanks for your help Mike.
In the event we have to go to MS SQL and AC 7, is there anywhere I can see the table layout (chart or descriptive text)? That would be a big help in seeing where we are going and how painful it would be to reproduce our customizations.
In the event we have to go to MS SQL and AC 7, is there anywhere I can see the table layout (chart or descriptive text)? That would be a big help in seeing where we are going and how painful it would be to reproduce our customizations.
Jim Sewell - Web Programmer
Trusted Tours & Attractions
Trusted Tours & Attractions
- Logan Rhodehamel
- Developer
- Posts: 4116
- Joined: Wed Dec 10, 2003 5:26 pm
Re: Upgrading from 5.5 to the latest for PCI
I noticed for the first time today PCI has published a short and sweet form for merchants who do not personally collect any sensitive cardholder data. The path to compliance is basically to attest that you don't collect the data and that the third party who does collect it is PCI compliant.Shopping Cart Admin wrote:If your store doesn't accept the payment directly and the customer is re-directed to paypal/google for the payment collection, then PCI is a non-issue.
Cheers,
Logan
.com
If I do not respond to an unsolicited private message, it's not because I'm ignoring you. It's because the answer to your question is valuable to others. Try the new topic button.
Logan
.com
If I do not respond to an unsolicited private message, it's not because I'm ignoring you. It's because the answer to your question is valuable to others. Try the new topic button.