Visa Approved and PABP Certified Shopping Cart Platform (among the very elite)

AspDotNetStorefront Visa PABP and PA-DSS (CISP/PCI Compliance) Information

UPDATE: April, 2009 - AspDotNetStorefront announces the completion of updated VISA PABP re-certification for AspDotNetStorefront ML v8.0. We are one of the very few shopping carts to have completed the Visa PABP 1.4 spec certification. Click here to read the complete press release.

To view our PCI PA-DSS Acceptance Letter for AspDotNetStorefront ML v8.0, please click here (.pdf).

To see the list of Visa PABP Validated Payment Applications, including AspDotNetStorefront ML v7.x, please click here (.pdf).

AspDotNetStorefront ML is Visa Approved and PABP Certified. This also means we are now certified to the PA-DSS specification with our ML version. If you choose a NON PABP approved shopping cart platform, you may be unable to obtain a merchant account starting sometime in 2008! Why take the risk?

With AspDotNetStorefront, you are choosing to use an elite E-Commerce shopping cart platform that has been certified through the Visa Payment Application Best Practice (PABP) assessment. The certification process confirmed, among other things, that our 8.x release is secure, does not retain full magnetic stripe data or CVV2 data.

This elite designation confirms that our 8.x release will not prevent our customers, the e-commerce merchant, from reaching compliance with the Payment Card Industry (PCI) Data Security Standard. PCI is a set of very detailed standards relating to all merchants or service providers that store, process or transact credit card data.

For our developer customers, you will also know that you are providing the best possible e-commerce platform for your own customers, and can leverage off of the work that we have put into the platform for you out of the box. To use another shopping cart platform which is not PABP approved, or even worse, an open-source cart with no testing whatsoever, is to just place unnecessary risk on your own business, or your customers.

This quote is direct from VISA:

Visa Announces New Payment Application Security Mandates, October 23, 2007 , Beginning January 1, 2008, Visa will implement a series of mandates to eliminate the use of  non-secure payment applications from the Visa payment system. These mandates require acquirers to ensure their merchants and agents do not use payment applications known to retain prohibited data elements and require the use of payment applications that adhere to Visa's Payment Application Best Practices (PABP). PABP-compliant applications help merchants and agents mitigate compromises, prevent storage of prohibited data and support overall compliance with the Payment Card Industry Data Security Standard (PCI DSS) and the Visa U.S.A. Inc. Operating Regulations

VISA MANDATES, OCTOBER 23, 2007

"These mark the first strongly worded, firm deadlines promoted by Visa.  Separately, the PCI Security Standards Council recently assumed ownership of the PABP from Visa, which further illustrates the importance of this initiative.  Merchants (and developers providing ecommerce solutions for merchants) are either going to quickly adopt the PABP as a cost of doing business, or, they're going to have to start winding down their business.  Good for AspDotNetStorefront to be ahead of the competition." - Ryan McGowan, Security Account Manager, Coalfire Systems, Inc. (a certified PCI Consultancy & Assessor)

PABP REQUIRED FOR MERCHANT ACCOUNTS

Additionally, many merchant account providers will NOT EVEN ISSUE MERCHANT ACCOUNTS now if you are not using a PABP approved shopping cart system.  With AspDotNetStorefront, this PABP compliance is already done for you, so you have no need to worry.

If you are choosing an uncertified cart or want to use one of the "free" open source cart, beware, as you may be unable to even get a merchant account starting sometime in 2008 for Internet based card not present sales! "Free" doesn't sound like too good of a value, if your business is shutdown.

MERCHANT PCI REQUIREMENTS

PCI Compliance is no longer optional, or just a "nice to have" when running an online commercial commerce business. Merchant validation to the PCI standard is determined by the number of transactions processed. What's important to note it, regardless of transaction volume, is that all merchants must be in compliance with PCI. What differs, based on transaction volume, is the manner in which the merchant must attest to compliance. For more information regarding PCI compliance, merchant level definitions and associated attestation requirements, please note the below link:

To download the complete Payment Card Industry Data Security Standard, please note the below link:

PCI TODAY

Typically, PCI compliance is initially driven by the merchant's acquiring bank. As more of the large brick and mortar retail merchants, and high visibility e-commerce merchants attain compliance or make significant progress towards compliance, smaller and lesser known e-commerce merchants are beginning to get more attention. Today, these banks are broadening their communication to the smaller e-commerce merchants, to ensure they address their current gaps in compliance and work to resolve them. Currently, these banks are levying fines to merchants that do not get in to compliance by previously provided deadlines. Similarly, for merchants that are compromised, they are levying fines and penalties that can quickly exceed one millions dollars.

If you are still using an AspDotNetStorefront version prior to v8.x, we again strongly encourage you to update to the latest build so you can take advantage of our PABP certification for your site.

AspDotNetStorefront, by virtue of our PABP certification, has partnered with longtime PCI assessor Coalfire Systems, to develop a program aimed to assist our 8.x clients in cost effectively attaining compliance. Coalfire Systems serves as a one-stop shop for PCI, offering a host of services which drive merchants to compliance. Coalfire is an Approved Scan Vendor (ASV), authorized to provide the required quarterly network scans. The quarterly network scans are a cost effective way to ensure your payment card environment (PCE) is adequately protected. These quarterly scans are a requirement for all merchants. Additionally, Coalfire provides cost-effect PCI compliance assessment and consulting services, intended to assist merchants with completing the PCI Annual Self Assessment questionnaire, a requirement for all Level 1-3 merchants and select Level 4 merchants.

COALFIRE SYSTEMS PCI COMPLIANCE PARTNER SERVICES

Note that even though we provide VISA PABP certification on our software platform, you (the merchant) must still perform and obtain your own PCI compliance, which also involves testing your hosting/server environment together with the software.

To inquire about Coalfire Systems PCI services that you may use for your own PCI compliance testing, please contact:

Ryan McGowan

(206)352-6028 ext 7504

VERIFIED BY VISA/MASTERCARD 3-D SECURE

On a related topic, we also support Verified By Visa/Master Card 3-D secure in the US and U.K. for selected gateways. Click here for more info.

Please see our forums for any updates to this important topic.
 
Home | Contact | Terms Of Use | Privacy | Site Map | Features | Portfolio | Press | Products | FAQs | Testimonials | Custom Development | E-Commerce 101 | Merchant Accounts | Marketplace
Copyright ©1997-2009. All Rights Reserved. Powered by the AspDotNetStorefront, (ML v8.1/asp.net 3.5).  Patent Pending.
All logos and brands trademarks of respective companies shown.