Our site www.viart.com site is operated by latest Viart Shop 5 with default Clear design
Topic Information
GingerSue
GingerSue
I found an old (nearly 3 yr old) thread about this where Viart said it was, but there is no reference on the Viart website about being PCI Compliant. It seems that this would be a good selling point if it were.
 
Is Viart 3.7 currently PCI Compliant software?
 
SajMalik
SajMalik
GingerSue, the new version is 4.0 ; there will be no 3.7.
 
The current thread for this is:
http://www.viart.com/viart_4_0_beta_released.html
 
I think that is the best place to raise issues on this?
 
Chris
 
GingerSue
GingerSue
Oh sorry, I guess I have 3.6 :)
 
But 4.0 is beta and not to be used on a live site. I'm working on my PCI Compliance questionnaire right now and don't have a clue if my software is PCI Compliant.
 
SajMalik
SajMalik
I would put in a support ticket Smile
 
Ibn Saeed
Ibn Saeed
I actually did ask them this question 3 to 4 months ago
 
Here is the reply from the viart team:
 
===================
Hi Ibn,
 
We have added a series of security measures and features to make the software successfully pass PCI compliance testing. For example, the CVV2 has an option not to be saved in the store database, the Credit Card Number can be encoded and truncated if required and all Control Panel activity is logged (2 of the requirements for PCI compliance).
 
However, please note that PCI compliance is also dependent on other elements that are an essential part of your e-commerce system. You need to sign up for PCI compliance testing with one of the companies that offer such kind of service. As far as we are aware there are a lot of such companies.
 
The software application, like ViArt Shop, cannot be PCI compliant by itself and therefore cannot automatically grant the status of "PCI Compliant" to a Web store with ViArt Shop. That is because PCI compliance refers to the entire e-commerce system that powers your store, including your Web hosting environment and the payment gateway that is used for a credit card processing. The PCI compliance testing service that you sign up with will ask you questions about your entire e-commerce system (e.g. where you are hosted, which payment gateway you are using, etc.) and will take care of ensuring that everything is compliant.
 
Regards,
Michael
Viart Support
===============================
 
GingerSue
GingerSue
Thanks, that's a big help!