
Konakart PCI compliant?

Started by jmirc, January 20, 2010, 12:07:45 am


jmirc

I would like to know if Konakart is PCI compliant?

Thanks

Jérôme   

heidi

January 20, 2010, 08:05:31 am #1 Last Edit: January 20, 2010, 08:09:54 am by heidi
Hi Jérôme,

PCI compliance is a lot more than just the software being used.

The rules for PCI compliance fall into six major categories within the standards established by the PCI Security Standards Council, which are as follows:

* Build and maintain a secure network
* Protect card holder data
* Maintain a vulnerability management program
* Implement strong access control measures
* Regularly monitor and test networks
* Maintain an information security policy.

Within these six categories are 12 requirements that address particular issues and that are directly related to web application security:

1. Install and maintain a firewall configuration to protect card holder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored card holder data
4. Encrypt transmission of card holder data across open, public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to card holder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to card holder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security.

KonaKart can be implemented as part of a PCI-compliant service... if all of the above are satisfied.
With KonaKart you have the choice of not storing credit card details or storing them in an encrypted fashion.
You also have the choice of using SSL for secure communication of data across networks.

--Heidi