Is PowerStore PCI Compliant?

With all the questions and reading one kept going around on my mind. Is PowerStore PCI compliant out the box?

I think you are misunderstanding what PCI compliance is.

PCI Compliance refers to the security level of the application server.

The code in Powerstore is plenty secure. the week link is the security of the Webserver and the Database server.

PCI compliance is about the security of your server. You have to have a SSL certificate to enable your server to communicate with outside clients/servers using encryption, implement strong protection against hackers, and other required security measures to protect the information gathered from your users.

Once your server passes all of that, PowerStore will be ready to go.

(Jason your too fast for me. I'll have to learn to type faster) :)

I spent 4 hours on this today.

Apparently, PCI compliance starts at the host but moves to the application to also be PCI compliant.

Requirements for compliance are for HOST, WEB APP, PROCEDURES, GATEWAY and so forth.

It turns out that the people at PCI told me that e-commerce software is a Web App which is also required to be PCI Compliant in order for the company doing e-commerce to be PCI Compliant.

I looked and there is a few shipping carts already advertising PCI compliance.

Hence why I asked, I didnt ask "is it Secure", I asked is it PCI Compliant"

It's like a room with many doors. All it takes is one door that's unlocked and the whole room is no longer secure.

This article might help:
PCI Compliance: Frequently Asked Questions

1028-PCI-Compliance-Frequently-Asked-Questions

Not trying get on your guys nerves:

On the question "How does PCI compliance affect my ecommerce business?"

Erin uses the term "Compliant Shopping Cart". That's PowerStore. Not only the server but the shopping cart also.

Hence why I ask.

The simple answer from you us either YES or NO. Which one is it?

If you put PowerStore on a PCI compliant server the answer would be yes. If you put it on a non-PCI compliant server the answer would be no.

I disagree with the term PCI compliant cart because it implies that that's all you need.

I have one fire-rated door in my office and one non fire-rated door in my office. Is my office fire-rated?

Thanks office guy, you still not answering the simple question.

Please answer it as I am being specific, our hosting company is compliant, so will be our gateway Authorize.Net.

The question is the ecart software tho.

It is an application and it is required to be compliant.

So I ask the question again, is PowerStore compliant?

Dont dodge my question please, I am frustrated by all the run around.

Dont take it the wrong way but I and others paid a lot of money for PowerStore for it not to be compliant. So the question is simple, is PowerStore PCI Compliant?

Im not asking if the hosting company is as that really neither here nor there for you. I am asking webassist.

Originally Said By: Giovanni_

  Thanks office guy, you still not answering the simple question.

Please answer it as I am being specific, our hosting company is compliant, so will be our gateway Authorize.Net.

The question is the ecart software tho.

It is an application and it is required to be compliant.

So I ask the question again, is PowerStore compliant?

Dont dodge my question please, I am frustrated by all the run around.  

It is not a simple question because it involves so many factors outside the control of WA. If everything else passes, then eCart will be compliant.

You also need to:
* Build and maintain a secure network to protect payment card information
* Maintain a vulnerability management program
* Implement strong access control measures
* Regularly monitor and test networks
* Pass quarterly remove vulnerability scans
* And more …

All of that is beyond the capability of any software alone.