Upgrading from 5.5 to the latest for PCI

This forum is dedicated to answering AbleCommerce 7.0 questions about PCI certification and compliance.
Post Reply
User avatar
deverill
Lieutenant (LT)
Lieutenant (LT)
Posts: 64
Joined: Tue Jan 06, 2009 11:58 am
Location: Key West, FL
Contact:

Upgrading from 5.5 to the latest for PCI

Post by deverill » Mon Jan 18, 2010 11:31 am

Hi gang,
We are currently running a moderately customized AC 5.5 for ASP.NET with MySQL. With the PCI deadline coming we have to get compliant. My questions:

Is there much difference between accessing MySQL and MS SQL? Unfortunately 7 doesn't support MySQL.

How much difference is there in the table layouts between 5.5 and 7.0.4? Is it a change of a few concepts or an entire overhaul?

Has anyone been PCI certified with 5.5 or is it even possible?

Do you have *any* suggestions for us to make this happen as painlessly or quickly as possible?

Thanks for your help!
Jim Sewell - TrustedTours.com
Jim Sewell - Web Programmer
Trusted Tours & Attractions

User avatar
Shopping Cart Admin
AbleCommerce Admin
AbleCommerce Admin
Posts: 3055
Joined: Mon Dec 01, 2003 8:41 pm
Location: Vancouver, WA
Contact:

Re: Upgrading from 5.5 to the latest for PCI

Post by Shopping Cart Admin » Mon Jan 18, 2010 11:36 am

Hello Jim,

The tables have changed quite a bit from 5.5 to 7.0, but there are still many similarities. 5.5 would be difficult to PCI 'certify' even though it was PCI compliant with the first PCI 'specifications'. New requirements on data encryption of 3rd party integration passwords and such are not done in 5.5.

If you're NOT using a payment gateway which accepts the CC payment on your website directly then it's a non-issue. e.g. Paypal, Paypal express and Google checkout.
Thanks for your support

Shopping Cart Guru
AbleCommerce.com
Follow us on Facebook

User avatar
deverill
Lieutenant (LT)
Lieutenant (LT)
Posts: 64
Joined: Tue Jan 06, 2009 11:58 am
Location: Key West, FL
Contact:

Re: Upgrading from 5.5 to the latest for PCI

Post by deverill » Mon Jan 18, 2010 11:57 am

Ah, so if we use a CC payment system that the customer logs in to *their* site to process the payment we would be pretty much free an clear of PCI? That's definitely sounding better!
Jim Sewell - Web Programmer
Trusted Tours & Attractions

User avatar
Shopping Cart Admin
AbleCommerce Admin
AbleCommerce Admin
Posts: 3055
Joined: Mon Dec 01, 2003 8:41 pm
Location: Vancouver, WA
Contact:

Re: Upgrading from 5.5 to the latest for PCI

Post by Shopping Cart Admin » Mon Jan 18, 2010 12:14 pm

Hello Jim,

If your store doesn't accept the payment directly and the customer is re-directed to paypal/google for the payment collection, then PCI is a non-issue.

It could affect your conversion rate if your customers are used to processing their payment directly on your website.
Thanks for your support

Shopping Cart Guru
AbleCommerce.com
Follow us on Facebook

User avatar
deverill
Lieutenant (LT)
Lieutenant (LT)
Posts: 64
Joined: Tue Jan 06, 2009 11:58 am
Location: Key West, FL
Contact:

Re: Upgrading from 5.5 to the latest for PCI

Post by deverill » Tue Jan 19, 2010 1:01 pm

Thanks for your help Mike.

In the event we have to go to MS SQL and AC 7, is there anywhere I can see the table layout (chart or descriptive text)? That would be a big help in seeing where we are going and how painful it would be to reproduce our customizations.
Jim Sewell - Web Programmer
Trusted Tours & Attractions

User avatar
Logan Rhodehamel
Developer
Developer
Posts: 4116
Joined: Wed Dec 10, 2003 5:26 pm

Re: Upgrading from 5.5 to the latest for PCI

Post by Logan Rhodehamel » Tue Mar 02, 2010 2:53 pm

Shopping Cart Admin wrote:If your store doesn't accept the payment directly and the customer is re-directed to paypal/google for the payment collection, then PCI is a non-issue.
I noticed for the first time today PCI has published a short and sweet form for merchants who do not personally collect any sensitive cardholder data. The path to compliance is basically to attest that you don't collect the data and that the third party who does collect it is PCI compliant.
Cheers,
Logan
Image.com

If I do not respond to an unsolicited private message, it's not because I'm ignoring you. It's because the answer to your question is valuable to others. Try the new topic button.

Post Reply