Thread: New PCI Rules and ASPDNS

We just received an email from our PCI vendor, ControlScan, regarding new policies going into affect September 1st. How will this impact ASPDNS carts, especially those using version 8.x?

Effective September 1st, all merchants who require quarterly vulnerability scanning are required to adhere to new policies established by the PCI Security Standards Council (PCI SSC). View giude at https://www.pcisecuritystandards.org...guide_v1.0.pdf

Thanks.

Good morning,

The PCI Security Standards are far more about your hosting environment than about the applications (like your online store). You should be asking your host to reassure you that they are conforming to the new standards. AspDotNetStorefront (version 8) is not only certified for maintaining PCI standards (in a secure hosted environment) but is also certified as a secure APPLICATION (PA-DSS). You will be hard pressed to find a more secure way to sell online, so I think you can be proud - both of your choice and of your commitment to adhering to security standards that should matter to all of us.

I hear from the Brits that the UK is beginning to take very real notice of PCI and PA-DSS standards - ahead of the US, really. I think that the banks and merchant services over in the UK are beginning to enforce protocols that have been coming for a while. In the long run, it'll be good for ecommerce - shoppers will find reassurance in knowing that online credit card payments are safe.

Rest assured that you have invested in a solid and secure product. Version 9 is undergoing certification - this is months of work, but it is "compliant" - we just need the certificate to prove it.

Thanks, Jo!