Does anyone have a list of the improvements made to AC 7 versus AC 5.5?
We've invested hundreds of hours of development time into making AC 5.5 a well-oiled machine for our business: bulk print of packing slips, inventory checks during bulk printing with exception reports, credit card capture during bulk printing with exception reports, SEO improvements, special handling for items that must be shipped ground (chemicals) or air (perishable foods), best way shipping, shipping arrival estimators, etc, etc.
However, we don't want to be caught with our pants down when our banks come knocking asking if we're PCI-DSS compliant. In reading through the official 68-page PCI Data Security Standard--Requirements and Security Assessment Procedures, it looks like we have two choices: 1) Switch to a PCI-DSS certified cart such as AC7, or 2) make the necessary customizations to AC 5.5 to bring it into compliance. There are going to be those that say that we have to use a PA-DSS "certified" cart if we are accepting credit cards, but nothing I've read says it has to be certified, only validated (meaning passes the 222 assessment controls and a quarterly security scan from an approved service vendor). It should also be noted that using a PA-DSS certified app doesn't absolve you from having to conform to the rest of the requirements, such as: having a corporate security policy, proper firewall configurations, using an anti-virus, separating the web app and database onto different servers, making sure your call center computers are PCI-compliant (credit card numbers are entered through them), quarterly scans, annual self-assessment, etc, etc.
So, aside from the PA-DSS certification, what improvements have others seen that will generate more customer sales or make life easier for merchants?
Thanks for your help,
Sam
AC 7 Improvements from AC 5.5???
Re: AC 7 Improvements from AC 5.5???
Hi Sam,
I just listened to a Trustwave seminar and finally he said that small merchants that do not store credit cards and build their own custom cart do not have to be accountable to the certification like AbleCommerce must be to sell licenses but that these custom carts need to be PCI scanned. Finally they said that when does an off-the-shelf cart no longer stay that way when one customizes it as much as you have here anyway? Lastly, it appears that it really comes down to your bank and what will make them happy. So maybe call your bank and ask them. I used McAfee Secure Scan 2 weekends ago and we got a custom cart passed and his banker is happy. We ran an AC7 store and it passed with no issues except changing SSLv2.0. In fact, the banker was more concerned about data center architecture such as a firewall.
As far as AC7, I think it was totally rewritten. Are you on .net or ColdFusion? If you are already on .net then maybe look at it but if you are a CF'er you may need some help duplicating all those customizations.
I really know that AC7 is a great product when the shoe fits.
All the best,
Phil Chrisman
Re: AC 7 Improvements from AC 5.5???
Thanks for the reply. I started going through the demo software and came up with a list. Keep in mind that not all improvements are in the list:
- PA-DSS Certified
- Supports Google Checkout
- Date/Group based product pricing
- Can set up regions/zones for shipping/taxes/etc
- Easy way to temporarily close store for maintenance
- Up to date Google Base, Yahoo! Shopping, and Shopping.com feeds
- Email lists with opt-in verification
- Product reviews
- Category discounts (can be applied at line item or category-wide)
- Improved Order, Product, and Shipping Coupons
- Can set up product templates to require additional admin or customer side input
- Product vendors
- Inventory tracking by Variant
- URL Rewrite Rules updated so category id is not included (no dupe content penalty)
- Pushes AVS failures through as orders