These requirements are designed to provide a standardized set of consistent security measures for merchants to follow that are handling credit card transactions.

The standard includes 12 requirements for maintaining a secure operation:

Build and Maintain a Secure Network

• Requirement 1: Install and maintain a firewall configuration to protect cardholder data
• Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
• Protect Cardholder Data
• Requirement 3: Protect stored cardholder data
• Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

• Requirement 5: Use and regularly update anti-virus software
• Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

• Requirement 7: Restrict access to cardholder data by business need-to-know
• Requirement 8: Assign a unique ID to each person with computer access
• Requirement 9: Restrict physical access to cardholder data
• Regularly Monitor and Test Networks
• Requirement 10: Track and monitor all access to network resources and cardholder data
• Requirement 11: Regularly test security systems and processes
• Maintain an Information Security Policy
• Requirement 12: Maintain a policy that addresses information security

For WordPress your E-commerce options are limited, and for a PCI Compliant shopping cart, they’re limited even further.

There is no way in a million years you should consider developing a new site using ANY shopping cart that is not willing to be compliant or in my (non legal) opinion, you’re setting yourself up for a lawsuit.

This list of WP shopping carts and their PCI compliance info will grow over time…

1. Shopp – The are compliant, and they are willing to say so, which is why they are our current platform of choice.
2. PHP Purchase – We’ve never used them but they say they’re compliant right on their home page.
3. Cart 32 – We’ve never used them, but they do claim compliance.
4. Vevo Cart – They DO claim to be compliant

These carts are either Non Compliant or simply not addressed on their sites:

1. WP Ecommerce – Although we HAVE tested their compliance once before and found no issues,  they now seem to fail test –  They refuse to offer any statement about compliance here – Check although there are lots of interesting discussions though here
2. WP Auctions –  No mention of PCI Compliance – check.
3. WP eStore – No mention of PCI but they use something called instant digital product delivery – check
4. Shopper Press – Has more than 20+ payment gateways, but not PCI compliant?  check
5. Market Theme – No mention of PCI Compliance – check.
6. Word Press Shopping Cart Plug-in – No mention of PCI compliance – check.

In the comments below, please leave any links to compliance info for anyone you come across, and I’ll update this list. Likewise, if you have information about anyone that’s NOT compliant, that would be helpful too.

WP Ecommerce

The original post is titled WordPress Shopping Cart PCI Compliance , and it came from GetWPress .

Recently, one of our customers told us that they were being required by their credit card company to pass a certification test verifying that their website was PCI compliant and wanted us to attend to it.

The company doing the compliance check was called Trustkeeper, and I’m very proud to report that right out of the box, with no changes on our part related to their cart, WP e-commerce passed the PCI compliance test with flying colors.

I don’t pretend to be an expert on PCI compliance, but I can tell you that we had no problem passing the test using the WP e-commerce software. We did have some server configuration changes, but those were unrelated to the WP or the cart plugin.

If you’re a WordPress lover and you’re in need of a shopping cart too, this one will meet your needs…   Please tell them that Scott sent ya!

The original post is titled PCI Compliant Cart for WP e-commerce , and it came from GetWPress .