PCI-DSS Compliant Software

Current versions of ClickCartPro and EuropaCart are PCI-DSS Compliant as Type 1 when using basic processing integrations, and are PCI-DSS Compliant as Type 4 when using advanced processing integrations.

PCI-DSS Compliant eCommerce Software

PCI-DSS Compliance Explained

The PCI-DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.

The PCI-DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

Current versions of our software are PCI-DSS compliant out of the box. At Kryptronic, software security is our number one priority.

Step 1: Determine Software Compliance Status

In order to validate that your software installation is PCI-DSS compliant, you must first ensure that you are running a version of our software which conforms to PCI standards. Use the checklist below to determine if the software you are using is PCI-DSS compliant. Your software installation is considered PCI compliant if the following three criteria are met:

· You have software with a version number of 6.0.0, or higher.

· You have software with a license number beginning with 'X-'.

· You have software with file-based debugging inactive (an inactive option by default).

If you are using a software version which does not meet all of the criteria above, consider upgrading to a version which is PCI-DSS compliant. Click the link below to upgrade to a newer version of our software.

Upgrade a non-compliant version

If you are using a version of our software which meets all of the criteria above, your software is PCI-DSS compliant. The next thing you need to do is to determine the PCI-DSS validation type for your software installation.

Step 2: Determine PCI-DSS Validation Type

Merchants are required by payment brands and payment processing gateways to validate PCI-DSS compliance by submitting a Self-Assessment Questionairre (SAQ), and may be required, based on validation type, to undergo quarterly security scans. PCI-DSS compliant versions of our software installations are validated as either Type 1, or Type 4, depending on their configuration.

Our software includes support for a large number of payment processing gateways, and support allowing for customer selection from multiple payment processing gateway choices during online transactions. The PCI-DSS validation type for your installation depends on which payment processing gateways you have activated.

Supported payment processing gateways and their PCI-DSS validation types are presented below:

Payment Processing Gateway PCI-DSS Validation Type Applicable Software Versions
2CheckOut V2 (Authnet) - Payment Form Type 1 6.0.0 and higher
Authorize.Net AIM Credit Card - Secure Server Type 4 6.0.0 and higher
Authorize.Net AIM eCheck - Secure Server Type 4 6.0.0 and higher
Authorize.Net SIM - Payment Form Type 1 6.0.0 and higher
Authorize.Net SIM - Secure Server Type 1 6.0.0 and higher
BluePay API - Secure Server Type 4 6.0.0 and higher
Check Payment Exempt 6.0.0 and higher
Contact Customer Exempt 6.0.0 and higher
CyberSource Secure Acceptance (SA) - Payment Form Type 1 8.0.0 and higher
ECHOnline Credit Card - Secure Server Type 4 6.0.0 and higher
EFSNET - Secure Server Type 4 6.0.0 and higher
ePDQ - Payment Form Type 1 7.0.0 and higher
FirstPay - Secure Server Type 4 6.0.0 and higher
Google Checkout - Payment Form Type 1 7.1.0 and higher
GoRealtime.Com - Payment Form Type 1 6.0.0 and higher
GoRealtime.Com - Secure Server Type 1 6.0.0 and higher
HSBC - Payment Form Type 1 7.0.0 and higher
InternetSecure - Payment Form Type 1 6.0.0 and higher
iTransact - Payment Form Type 1 6.0.0 and higher
iTransact - Secure Server Type 1 6.0.0 and higher
Linkpoint/YourPay API - Secure Server Type 4 6.0.0 and higher
Linkpoint/YourPay HTML - Payment Form Type 1 6.0.0 and higher
Netbilling - Payment Form Type 1 6.0.0 and higher
NetBilling - Secure Server Type 1 6.0.0 and higher
No Payment - Zero Balance Exempt 6.0.0 and higher
Nochex - Payment Form Type 1 7.0.0 and higher
PayPal (Payflow Pro) - Secure Server Type 4 6.0.0 and higher
PayPal (Pro Direct Method) - Secure Server Type 4 6.0.0 and higher
PayPal (Pro Express Method) - Payment Form Type 4 6.0.0 and higher
PayPal (Standard Method) - Payment Form Type 1 6.0.0 and higher
PayPoint.net (SECPay) - Payment Form Type 1 7.0.0 and higher
PayPoint.net (SECPay) - Secure Server Type 1 7.0.0 and higher
PaySystems (RevEcom) - Payment Form Type 1 6.0.0 and higher
Planet Payment WebLink - Secure Server Type 1 6.0.0 and higher
PlanetPayment WebLink - Payment Form Type 1 6.0.0 and higher
PlugNPay - Payment Form Type 1 6.0.0 and higher
PSiGate - Payment Form Type 1 6.0.0 and higher
PSiGate - Secure Server Type 1 6.0.0 and higher
Purchase Order Exempt 6.0.0 and higher
RTware WebLink - Payment Form Type 1 6.0.0 and higher
RTware WebLink - Secure Server Type 1 6.0.0 and higher
SagePay (Protx) - Payment Form Type 1 7.0.0 and higher
SagePay (Protx) Direct - Secure Server Type 4 7.0.0 and higher
SkipJack - Secure Server Type 1 6.0.0 and higher
Verisign Payflow Link - Payment Form Type 1 6.0.0 and higher
Verisign Payflow Link - Secure Server Type 1 6.0.0 and higher
ViaKlix - Payment Form Type 1 6.0.0 and higher
ViaKlix - Secure Server Type 1 6.0.0 and higher
Wells Fargo (Authnet) Credit Card - Secure Server Type 4 6.0.0 and higher
Wells Fargo (Authnet) eCheck - Secure Server Type 4 6.0.0 and higher
Wells Fargo (BoA) - Payment Form Type 1 6.0.0 and higher
Wells Fargo (BoA) - Secure Server Type 1 6.0.0 and higher
WorldPay WorldDirect - Payment Form Type 1 6.0.0 and higher

To identify your software installation's PCI-DSS validation type, use the following checklist:

· If you have a gateway activated which is not listed above, your installation cannot be identified as PCI-DSS compliant.

· If you have only Exempt gateways activated, your installation is exempt from PCI-DSS compliance.

· If you have only Type 1 gateways activated, your installation is eligible for PA-DSS Type 1 validation.

· If you have any Type 4 gateways activated, your installation is eligible for PA-DSS Type 4 validation.

Step 3: Complete PA-DSS Validation

If your software installation may be validated as Type 1, download the PCI Security Standards Council publication titled 'Self Assessment Questionairre A and Attestation of Compliance', complete it, and send it to the party which requested validation of your PCI-DSS compliance.

Type 1: Download the publication 'Self Assessment Questionairre A and Attestation of Compliance' in DOC format
Type 1: Download the publication 'Self Assessment Questionairre A and Attestation of Compliance' in PDF format

Quarterly security scans are not required as part of PCI-DSS Type 1 validation.

If your software installation must be validated as Type 4, download the PCI Security Standards Council publication titled 'Self Assessment Questionairre C and Attestation of Compliance', complete it, and send it to the party which requested validation of your PCI-DSS compliance.

Type 4: Download the publication 'Self Assessment Questionairre C and Attestation of Compliance' in DOC format
Type 4: Download the publication 'Self Assessment Questionairre C and Attestation of Compliance' in PDF format

Quarterly security scans are required as part of PCI-DSS Type 4 validation. You must host your software installation in a PCI compliant hosting environment on a server which passes quarterly security scans performed by a certified scanning provider.

Kryptronic Managed Hosting accounts meet these strict requirements and allow you to successfuly complete Type 4 validation. Click the link below to learn more about Kryptronic Managed Hosting.

Set up a PCI compliant Kryptronic Managed Hosting account

Kryptronic: Security. Stability. Reliability