A question on many people's minds is ...

If I make changes to AspDotNetStorefront v10,
will I still be using a PCI compliant payment application?

And the answer?

Whether you customize the application or not, you are required to complete a
Self-Assessment Questionnaire (SAQ) every year.
As long as you still have 'yes' answers, you are in good shape.




Which SAQ are you supposed to complete?

Click here to find out

No source code mods

If you don't modify source code, then when you complete SAQ-D, you can use these out-of-box settings.


The relevant section of the SAQ will be available along with the v10 download in your licensee portal.

Source code mods

If you change source code, you will need your developer to give you a positive 'yes' for all these questions.


The relevant section of the SAQ will be available along with the v10 download in your licensee portal.

Always use PCI-trained development companies

How to check?

Ask to see their back-out plan. Ask to see their security checklist. Ask to see their development-centric security policy, and ask to see some sample change control documentation. Finally, ask which alerts they are signed up for, to make sure that they are at the forefront of learning about new security vulnerabilities. If they can't show you, then please think hard about using a company that can.

A development company that is neglecting PCI-awareness might tell you 'this doesn't apply because the work we are doing won't touch the payment part of the code.' Please don't accept that. No developer should be touching the source of AspDotNetStorefront unless they understand the significance of the questions in the SAQ, and have great answers.