Question

I'm trying to set up an ecommerce site for a client and PCI compliance has come up. I'm having a hard time finding specific examples online...

Let's say that I am running a Magento store for a small non-profit (<5000 transactions/yr) on a standard Bluehost account with SSL. I use Authorize.net as a payment gateway.

I do not believe that Magento stores credit card numbers in its database. Therefore, when a user submits an order, it passes through SSL to Bluehost's servers, where it is processed by Authorize.net, then is forgotten.

Bluehost supports PCI A and B compliance on all systems... http://helpdesk.bluehost.com/index.php/kb/article/000512

Do I have any PCI concerns?

If so - any suggestions on what I can change? Different hosting service.

Thanks!

(PS: I know that redirecting the user to PayPal would solve everything, but nobody wants that)


Solution

If you are using the existing authnet extension, you are correct that Magento does not save the CC number (not even in the session). Obviously you should have someone do a PCI compliance review if this is a significant issue.

OTHER TIPS

Yes, you are in PCI compliance scope. If you do not outsource your card data, you will have to get expensive PCI compliant hosting and ASV scans. If you can outsource, you will save a lot of money.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow