It is my understanding that to achieve PCI Compliance of type C, no credit card information can be stored. From my research, this looks to include billing address.
Assuming this is true, is there an easy way to turn off billing address capture?
billing address storage and pci
Re: billing address storage and pci
I am not a PCI expert but I would imagine storing billing address shouldn't be problem.
Re: billing address storage and pci
If your business qualifies as Merchant Level 4 category you just need "PCI-DSS SAQ C" completed.
Mercahnt Level 4:
Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants -- regardless of acceptance channel -- processing up to 1M Visa transactions per year.
Disabling credit card storage and setting "Days To Save" to 0 from AbleCommerce admin would be enough for "SAQ C" compliance.
Administration > Configure > Security > General
Mercahnt Level 4:
Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants -- regardless of acceptance channel -- processing up to 1M Visa transactions per year.
Disabling credit card storage and setting "Days To Save" to 0 from AbleCommerce admin would be enough for "SAQ C" compliance.
Administration > Configure > Security > General
Mike Kolev
Re: billing address storage and pci
Ok. Just curious then if this is the same interpretation that any other AC users have (for folks needing SAQ C compliance). Note, we have disabled credit card storage in the AC admin.
It seems that some online references to cardholder data include billing address, though it is not explicitly stated in the PCI requirements the scope of cardholder data.
It seems that some online references to cardholder data include billing address, though it is not explicitly stated in the PCI requirements the scope of cardholder data.