Current versions of ClickCartPro and EuropaCart are PCI-DSS Compliant as Type 1 when using basic processing integrations, and are PCI-DSS Compliant as Type 4 when using advanced processing integrations.
The PCI-DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.
The PCI-DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
Current versions of our software are PCI-DSS compliant out of the box. At Kryptronic, software security is our number one priority.
In order to validate that your software installation is PCI-DSS compliant, you must first ensure that you are running a version of our software which conforms to PCI standards. Use the checklist below to determine if the software you are using is PCI-DSS compliant. Your software installation is considered PCI compliant if the following three criteria are met:
· You have software with a version number of 6.0.0 or higher.
· You have software with a license number beginning with 'X-'.
· You have software with file-based debugging inactive (an inactive option by default).
If you are using a software version which does not meet all of the criteria above, consider upgrading to a version which is PCI-DSS compliant. Click the link below to upgrade to a newer version of our software.
Upgrade a non-compliant version
If you are using a version of our software which meets all of the criteria above, your software is PCI-DSS compliant. The next thing you need to do is to determine the PCI-DSS validation type for your software installation.
Merchants are required by payment brands and payment processing gateways to validate PCI-DSS compliance by submitting a Self-Assessment Questionnaire (SAQ), and may be required, based on validation type, to undergo quarterly security scans. PCI-DSS compliant installations of our software are validated as either Type 1 or Type 4, depending on their configuration.
Our software supports a large number of payment processing gateways, and lets customers select from multiple payment processing gateways during online transactions. The PCI-DSS validation type for your installation depends on which payment processing gateways you have activated.
Supported payment processing gateways and their PCI-DSS validation types are presented below:
Payment Processing Gateway | PCI-DSS Validation Type | Applicable Software Versions |
---|---|---|
2CheckOut V2 (Authnet) - Payment Form | Type 1 | 6.0.0 and higher |
Authorize.Net AIM Credit Card - Secure Server | Type 4 | 6.0.0 and higher |
Authorize.Net AIM eCheck - Secure Server | Type 4 | 6.0.0 and higher |
Authorize.Net SIM - Payment Form | Type 1 | 6.0.0 and higher |
Authorize.Net SIM - Secure Server | Type 1 | 6.0.0 and higher |
BluePay API - Secure Server | Type 4 | 6.0.0 and higher |
Check Payment | Exempt | 6.0.0 and higher |
Contact Customer | Exempt | 6.0.0 and higher |
CyberSource Secure Acceptance (SA) - Payment Form | Type 1 | 8.0.0 and higher |
ECHOnline Credit Card - Secure Server | Type 4 | 6.0.0 and higher |
EFSNET - Secure Server | Type 4 | 6.0.0 and higher |
ePDQ - Payment Form | Type 1 | 7.0.0 and higher |
FirstPay - Secure Server | Type 4 | 6.0.0 and higher |
Google Checkout - Payment Form | Type 1 | 7.1.0 and higher |
GoRealtime.Com - Payment Form | Type 1 | 6.0.0 and higher |
GoRealtime.Com - Secure Server | Type 1 | 6.0.0 and higher |
HSBC - Payment Form | Type 1 | 7.0.0 and higher |
InternetSecure - Payment Form | Type 1 | 6.0.0 and higher |
iTransact - Payment Form | Type 1 | 6.0.0 and higher |
iTransact - Secure Server | Type 1 | 6.0.0 and higher |
Linkpoint/YourPay API - Secure Server | Type 4 | 6.0.0 and higher |
Linkpoint/YourPay HTML - Payment Form | Type 1 | 6.0.0 and higher |
Netbilling - Payment Form | Type 1 | 6.0.0 and higher |
NetBilling - Secure Server | Type 1 | 6.0.0 and higher |
No Payment - Zero Balance | Exempt | 6.0.0 and higher |
Nochex - Payment Form | Type 1 | 7.0.0 and higher |
PayPal (Payflow Pro) - Secure Server | Type 4 | 6.0.0 and higher |
PayPal (Pro Direct Method) - Secure Server | Type 4 | 6.0.0 and higher |
PayPal (Pro Express Method) - Payment Form | Type 4 | 6.0.0 and higher |
PayPal (Standard Method) - Payment Form | Type 1 | 6.0.0 and higher |
PayPoint.net (SECPay) - Payment Form | Type 1 | 7.0.0 and higher |
PayPoint.net (SECPay) - Secure Server | Type 1 | 7.0.0 and higher |
PaySystems (RevEcom) - Payment Form | Type 1 | 6.0.0 and higher |
Planet Payment WebLink - Secure Server | Type 1 | 6.0.0 and higher |
PlanetPayment WebLink - Payment Form | Type 1 | 6.0.0 and higher |
PlugNPay - Payment Form | Type 1 | 6.0.0 and higher |
PSiGate - Payment Form | Type 1 | 6.0.0 and higher |
PSiGate - Secure Server | Type 1 | 6.0.0 and higher |
Purchase Order | Exempt | 6.0.0 and higher |
RTware WebLink - Payment Form | Type 1 | 6.0.0 and higher |
RTware WebLink - Secure Server | Type 1 | 6.0.0 and higher |
SagePay (Protx) - Payment Form | Type 1 | 7.0.0 and higher |
SagePay (Protx) Direct - Secure Server | Type 4 | 7.0.0 and higher |
SkipJack - Secure Server | Type 1 | 6.0.0 and higher |
Verisign Payflow Link - Payment Form | Type 1 | 6.0.0 and higher |
Verisign Payflow Link - Secure Server | Type 1 | 6.0.0 and higher |
ViaKlix - Payment Form | Type 1 | 6.0.0 and higher |
ViaKlix - Secure Server | Type 1 | 6.0.0 and higher |
Wells Fargo (Authnet) Credit Card - Secure Server | Type 4 | 6.0.0 and higher |
Wells Fargo (Authnet) eCheck - Secure Server | Type 4 | 6.0.0 and higher |
Wells Fargo (BoA) - Payment Form | Type 1 | 6.0.0 and higher |
Wells Fargo (BoA) - Secure Server | Type 1 | 6.0.0 and higher |
WorldPay WorldDirect - Payment Form | Type 1 | 6.0.0 and higher |
To identify your software installation's PCI-DSS validation type, use the following checklist:
· If you have a gateway activated which is not listed above, your installation cannot be identified as PCI-DSS compliant.
· If you have only Exempt gateways activated, your installation is exempt from PCI-DSS compliance.
· If you have only Type 1 gateways activated, your installation is eligible for PA-DSS Type 1 validation.
· If you have any Type 4 gateways activated, your installation is eligible for PA-DSS Type 4 validation.
If your software installation may be validated as Type 1, download the PCI Security Standards Council publication titled 'Self Assessment Questionnaire A and Attestation of Compliance', complete it, and send it to the party which requested validation of your PCI-DSS compliance.
Type 1: Download the publication 'Self Assessment Questionnaire A and Attestation of Compliance' in DOC format
Type 1: Download the publication 'Self Assessment Questionnaire A and Attestation of Compliance' in PDF format
Quarterly security scans are not required as part of PCI-DSS Type 1 validation.
If your software installation must be validated as Type 4, download the PCI Security Standards Council publication titled 'Self Assessment Questionnaire C and Attestation of Compliance', complete it, and send it to the party which requested validation of your PCI-DSS compliance.
Type 4: Download the publication 'Self Assessment Questionnaire C and Attestation of Compliance' in DOC format
Type 4: Download the publication 'Self Assessment Questionnaire C and Attestation of Compliance' in PDF format
Quarterly security scans are required as part of PCI-DSS Type 4 validation. You must host your software installation in a PCI compliant hosting environment on a server which passes quarterly security scans performed by a certified scanning provider.
Kryptronic Managed Hosting accounts meet these strict requirements and allow you to successfully complete Type 4 validation. Click the link below to learn more about Kryptronic Managed Hosting.