Google

Saturday, May 30, 2009

6 Steps to Secure Shopping Cart (Oscommerce vs. Zen cart vs. Magento) Payment

 

The Payment Card Industry (PCI) Data Security Standard is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The standard was created to help organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations which hold, process, or pass cardholder information from any card branded with the logo of one of the card brands.

The following 6 steps help to Keep Your Shopping Cart (Magento vs. Oscommerce vs. Zencart) Payment Card Industry (PCI) Data Security Standard PCI Compliant:


1. Make sure your customer checkout and Admin is SSL Encrypted

2. Keep your shopping cart updated to the newest version to protect from SQL Injection hacks, and other security breaches.

3. Provide different access levels and logins to the different people that use the administration section of your website. Don't provide people access to customer credit card information that don't need it (i.e. employees that update product info or website articles). This sometimes involves the installation of the admin access levels module for Oscommerce if you don't already have it installed..

4. Try to avoid store your customer's credit card data, it reduces your risk. You only really need to have the customer credit card data entered on the payment screen, and sent immediately to your payment processor. Your payment is then authorized/captured, and you don't need to store that data any longer.

5. Never store CVV credit card information (3 to 4 digit code on the back of the credit card).
6. If you must store customer credit card data for recurring billing or other applications, many payment processors now offer a service where they store the credit card data, and your shopping cart accesses and bills customers using an API (method of communication). This means that you are no longer responsible for storing that data and don't have that liability.

Based on the guide and practice in security settings, by comparing Shopping Cart features (Magento vs. Oscommerce vs. Zencart) on Payment Card Industry (PCI) Data Security Standard PCI Compliant: I recommend Zen-Cart as the best shopping cart. It is secure and easily modified. OSCommerce is a good shopping cart but in my opinion is not as secure as Zen-Cart and is harder to customize. The Zen-Cart engine is OSCommerce with added features and a more friendly admin panel. And it is said that there is a security vulnerability in Magento Commerce in 1.2.1.1 (and previous versions) that I believe should be fixed before anyone else uses it.