I received a call from an ASP.net e-commerce software provider and he emphasized that any e-commerce software used by a merchant needs to be PCI certified. He stated that his company's e-commerce software is PCI certified.
From their site it reads "July 2010 is the deadline for Phase 5 of the ' Payment Application Security Mandates*'. This VISA mandate states that 'Acquirers must ensure their merchants, VNPs and agents use only PA-DSS compliant applications'...Using a 3rd party payment system such as Google checkout or Paypal Express may be a solution but will result in decreased sales conversions."
If you do not store credit card information on a database, but only utilize a gateway/merchant such as Authorize.net (with all transactions SSL encripted), do the PHP software/dreamweaver extensions (eCart, Security Assist, etc) have to be PCI certified?
If so, are Webassist's products PCI certified?
If not, what PCI certification actions should a merchant using webassist products take?
Thank you in advance.