SunShop Shopping Cart

SunShop & PCI Compliance

PCI compliance is increasingly important to all online retailers, and SunShop can be configured and deployed to meet the standards needed to make sure that you and your customers are protected.

  • What is PCI Compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of network security and business practice requirements adopted by Visa, MasterCard, American Express, Discover Card, and JCB to establish a "minimum security standard" for protecting customers' payment card information. It applies to every merchant that stores, processes, or transmits payment card data. The twelve requirements are broken into six groups:

  • Build and Maintain a Secure Network:

    Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
    Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
  • Protect Cardholder Data:

    Requirement 3: Protect stored cardholder data.
    Requirement 4: Encrypt transmission of cardholder data across open, public networks.
  • Maintain a Vulnerability Management Program:

    Requirement 5: Use and regularly update anti-virus software.
    Requirement 6: Develop and maintain secure systems and applications.
  • Implement Strong Access Control Measures:

    Requirement 7: Restrict access to cardholder data by business need-to-know.
    Requirement 8: Assign a unique ID to each person with computer access.
    Requirement 9: Restrict physical access to cardholder data.
  • Regularly Monitor and Test Networks:

    Requirement 10: Track and monitor all access to network resources and cardholder data.
    Requirement 11: Regularly test security systems and processes.
  • Maintain an Information Security Policy:

    Requirement 12: Maintain a policy that addresses information security.
  • Configuring SunShop to meet PCI DSS:

There are a few steps to take when implementing SunShop to ensure that it is operating in a PCI compliant manner:

  1. Always use a secure (HTTPS/TLS) connection when transmitting cardholder data to your payment gateway for processing, and make sure that connection verifies the gateway's certificate; an unverified TLS connection can be intercepted just like plain HTTP.
  2. Do not use the "Store Card Details" function within the Credit Card module in a production environment (live site). If this is enabled, credit card data is written to the database, which brings the database, its backups and everything that can read it into scope for the stored-cardholder-data requirements (Requirement 3) and creates further compliance obligations.
  3. Consider using a PCI compliance scanning service such as Hackerproof or HackerGuardian; Requirement 11 calls for regular external vulnerability scans of your internet-facing systems.

It is important to note that while SunShop is an integral part of the chain of obtaining PCI compliance, it must be deployed in a PCI compliant hosting environment; the application alone cannot make a merchant compliant. The recommendations above cover configuring SunShop to meet the PCI DSS. For more information on PCI compliance, please visit the PCI Security Standards Council website at https://www.pcisecuritystandards.org/.