Bugs & Feature Requests
Gateways, Merchant Accounts, Bank Accounts, Oh My!
The Foxy forums are on the move!
We're in the process of
moving our forums over to a new system
, and so these forums are now read-only.
If you have a question about your store in the meantime, please don't hesitate to
reach out to us via email
Best way to go about PCI Compliance
edited December 2008
What exactly does Foxycart need from me to know that I'm PCI compliant?
Also, any recommendations as to what the best avenue is toward becoming PCI compliant?
I apologize, this shouldn't be in the Bugs and Feature Requests category.
No worries. The current forum makes categories kind of moot anyway (though we'll be moving to a new one at some point).
At this point, since PCI compliance is a self-certification method (for most merchants) we just ask for your confirmation that you are. You can get the self-certification questionnaire here:
There are services that will help walk you through this process as well:
That might be worth it. If you plan on doing the offline processing method (which we do require PCI compliance to enable on a per user basis) you should obviously be very familiar with PCI DSS.
Thanks for the info. I appreciate how quickly you responded.
Is this still the process to go through for offline processing?
Once our clients have verified their PCI compliance, how do we get this info to you? What do we need to do or provide to FoxyCart for the PCI compliance so that they can start offline processing?
From the FoxyCart admin there's a link to verify your PCI compliance, which sends it to our team for approval (which can take a few days). The link is on the transaction page on the "show CCs" button.
That doesn't answer my question... On that page, it says:
According to PCI guidelines and section 7 of our Terms of Service, we do not allow our users to access card holder data unless they are also PCI compliant. In order to view your customer's card holder data, you must contact us directly and verify your PCI compliance.
To do so, just email us with the appropriate verification and we will grant you access.
What is the appropriate verification? What do you need?
, try clicking that email link. It should create an email with most of the text required already in the body for you, if I remember correctly.
Thanks tookings, and sorry epc_jg that I wasn't more clear. The email that's generated asks for additional information.