Visa Pabp Mandates (october 23 2007)
If you choose a NON PABP certified shopping cart platform, you may have your merchant account disabled, or not be able to obtain a merchant account for Internet card not present sales starting sometime in 2008! Why take the risk? Even just "PCI Compliance" by itself is not enough anymore! AspDotNetStorefront ML 7.0 is fully Visa PABP v1.4 Certified.
Please see: http://www.aspdotnetstorefront.com/t-pabp.aspx
We are in great shape, our ML v7.0 product is one of the VERY few asp.net carts that is already PABP certified (has been for almost a year already). This has been an "optional" software certification, which very few vendors spent time or money to do, unlike us. We started PABP certification last fall, and completed it early in 2007, at considerable cost and effort, as we believed it was the right thing to do, even before Visa "required" it to be done.
It's NOT EVEN good enough to just have PCI compliance anymore, PABP certification of the software is required IN a PCI compliant environment.
AspDotNetStorefront ML v7.0 is PABP Certified.
Please make sure your clients and customers are fully informed about this, and the risks involved for them if they still decide to go with a NON PABP certified product...they may save a few dollars now on software, and find that they cannot get a merchant account anymore.
This quote is direct from VISA:
Visa Announces New Payment Application Security Mandates, October 23, 2007 , Beginning January 1, 2008, Visa will implement a series of mandates to eliminate the use of non-secure payment applications f rom the Visa payment system. These mandates require acquirers to ensure their merchants and agents do not use payment applications known to retain prohibited data elements and require the use of payment applications that adhere to Visa’s Payment Application Best Practices (“PABP”). PABP-compliant applications help merchants and agents mitigate compromises, prevent storage of prohibited data and support overall compliance with the Payment Card Industry Data Security Standard (“PCI DSS”) and the Visa U.S.A. Inc. Operating Regulations
From our PABP Auditing firm:
"These mark the first strongly worded, firm deadlines promoted by Visa. Separately, the PCI Security Standards Council recently assumed ownership of the PABP from Visa, which further illustrates the importance of this initiative. Merchants (and developers providing ecommerce solutions for merchants) are either going to quickly adopt the PABP as a cost of doing business, or, they’re going to have to start winding down their business. Good for AspDotNetStorefront to be ahead of the competition." - Ryan McGowan, Security Account Manager, Coalfire Systems, Inc. (a certified PCI Consultancy & Assessor)
Copyright © 2012, AspDotNetStorefront. All rights reserved.