This guide covers AbleCommerce 7.0, and is intended for merchants and integrators who wish to implement the application in accordance with guidelines set by the Payment Card Industry (PCI).
In 2006 American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International formed the Payment Card Industry Security Standards Council. The main purpose of the council is to produce and maintain the Data Security Standard (DSS). This is a set of rules and requirements that when followed will help prevent fraud, hacking, and other threats to private cardholder data. The main objectives of the PCI DSS are as follows:
You can find and review the complete specification by visiting the URL below.
This guide is intended to help merchants implement the AbleCommerce application in a way that is compliant with version 1.2 of the PCI DSS.
The Payment Application Data Security Standard was originally created by Visa (as Payment Application Best Practices – PABP) as an aid to software providers to help build secure payment applications. PA-DSS validation proves that an application can be implemented in a way that is compliant with the PCI DSS.
AbleCommerce has been designed and certified to meet all of the requirements of the PA-DSS version 1.2. This does not automatically make you, the merchant, PCI DSS compliant. It is necessary that the recommendations and instructions in this guide are followed.
For additional information about PA-DSS, or to view AbleCommerce in the official list of validated applications, please visit the URL below.
The PCI Security Standards Council is not a compliance organization. They do not require compliance, but individual payment networks may. Visa is one such example. They require you to comply with the PCI DSS, and you must complete some degree of validation based on the annual transaction volume processed. All merchants who handle Visa payments are required to perform at least some level of validation. The URL below directs you to Visa’s Cardholder Information Security Program (CISP) and has complete details and validation procedures.
A qualified security assessor is the only one who can validate your PCI compliance. A current list of assessors is maintained by the PCI and can be found at this URL:
Chief Security Officers performed the PA-DSS certification for AbleCommerce 7.0. They can be contacted via any one of the following: