
how to make my website pci compliant

Discussion in 'Black Hat SEO' started by sam.hunt0710, Apr 16, 2015.

  1. sam.hunt0710

    sam.hunt0710 Jr. VIP Jr. VIP

  2. Stizerg

    Stizerg Power Member

    Your domain has to use SSL, and if you accept payments on your site it must be PCI compliant.
    If you use PayPal as a payment processor, just install an SSL certificate on your website.
     
  3. sam.hunt0710

    sam.hunt0710 Jr. VIP Jr. VIP

    Thanks for your reply, mate. We are providing services through our website, and most of the time our customers pay via credit card.

     
  4. sam.hunt0710

    sam.hunt0710 Jr. VIP Jr. VIP

  5. umerjutt00

    umerjutt00 Jr. VIP Jr. VIP

  6. sam.hunt0710

    sam.hunt0710 Jr. VIP Jr. VIP

  7. Gogol

    Gogol Jr. VIP Jr. VIP

    As I replied on your FB status, this is something you do yourself on your website (or hire someone to do it for you). If you are applying for a direct payment gateway (payment is processed on your site, rather than a third-party site like PayPal or so), your bank will test your site for PCI DSS compliance. It is not some certificate or something, rather a standard which checks if your site is vulnerable to the common attack patterns.

    SQL injection and connection eavesdropping (man-in-the-middle attack; this is why you use SSL) are some of the examples they test for.

     
    Last edited: Apr 16, 2015
  8. Stizerg

    Stizerg Power Member

    How do you accept credit card payments?
     
  9. sam.hunt0710

    sam.hunt0710 Jr. VIP Jr. VIP

  10. Stizerg

    Stizerg Power Member

    OK, your payment solution is PCI compliant. It's recommended to use SSL if you collect personal details of your customers.
    Read this page for validation options. However, you may try to find a cheaper PCI validator.
     
  11. Red Giant

    Red Giant Jr. VIP Jr. VIP

  12. sam.hunt0710

    sam.hunt0710 Jr. VIP Jr. VIP

    We don't save our customers' details on our server; whenever a customer comes to the payment page, he/she is redirected to the payment processor. But the merchant is asking for PCI compliance.

    Can you help with that?
     
  13. sam.hunt0710

    sam.hunt0710 Jr. VIP Jr. VIP

  14. Gogol

    Gogol Jr. VIP Jr. VIP

    This is precisely what authorize.net requires you to do:
    Code:
    http://www.authorize.net/resources/pcicompliance/
    If you don't store card information, call them up and describe the scenario. See what they suggest. Do the other steps as mentioned.

    Edit: Authorize.net recommends trustkeeper for the audit and related services and tools. Check this out:
    Code:
    https://www.trustkeeper.net/esp/Login.public?sprefer=authorizenet.trustkeeper.net
    
     
    Last edited: Apr 20, 2015
  15. sam.hunt0710

    sam.hunt0710 Jr. VIP Jr. VIP

    Thanks, bro, will call them ASAP.

     
  16. mainceaft

    mainceaft Regular Member

    Have you opened an account at trustwave.com? To have a PCI certificate you should follow the PCI compliant setup wizard. Answer all the questions, which include your payment gateway, your server status, and whether you control it directly or via a third-party company, etc. It took me half a day to complete all this and I got the min PCI compliant certificate.
     
    Last edited: Apr 20, 2015
  17. Gogol

    Gogol Jr. VIP Jr. VIP

    Also see my post edit.
     