PCI-DSS Compliance

  • Posts: 21
  • Thank you received: 0
10 years 11 months ago #40305


I'm in the process of setting up a site for a client using HikaShop and they want to use the SagePay credit card processor. One of the requirements to use SagePay is that the software must be "PCI-DSS Certified".

Here's the quote:

The Payment Application - Data Security Standard (PA-DSS) requires that any software that stores, processes or transmits credit card data must be PA-DSS certified by July 1, 2010. Coupled with this, as a merchant, if you use a software product to store, process or transmit credit card data, then effective July 1, 2010, when asked by your Merchant Acquirer (credit card processor), you must validate that the software you are using is PA-DSS certified.

So, my question is, is HikaShop PCI-DSS certified? Does it need to be? I assume the above quote is not just from SagePay by would be applicable to any e-commerce program???


Lance Thompson
CEO, Blue Sky Web Worx
Web Design, Web Marketing, Search Rankings, Graphic Design

Please Log in or Create an account to join the conversation.

  • Posts: 77810
  • Thank you received: 12279
10 years 11 months ago #40309

HikaShop didn't pass any certification on that regard.

From what I understand, the PCI DSS certification is not necessary for developers:

Do developers need to be PCI DSS compliant?

If you're a developer that's simply integrating a client's website with our payment gateway and handing over the completed project to your client, then you don't need to become PCI DSS compliant.
However, if at any stage you build and host a back office solution for your client, you'll need to look into your PCI DSS requirements and possibly also PA DSS.

That's an extract from SagePay documentation on PCI DSS:

They also provide such PCI DSS compliance assessments for merchants on that page.

The following user(s) said Thank You: lancert

Please Log in or Create an account to join the conversation.

Time to create page: 0.059 seconds
Powered by Kunena Forum