PCI Compliance Statement

Myths and realities about PCI and PABP Standards

PCI DSS Compliance Questions Answered

Common myths about PCI Compliance

Please see the following page for a better understanding of what PCI Compliance is NOT: https://www.pcisecuritystandards.org/pdfs/pciscc_ten_common_myths.pdf

Answers to the most commonly-asked questions pertaining to Payment Card Industry Data Security Standard compliance

DISCLAIMER: The following answers pertain to a webstore built with default Zen Cart code without any customizations, using only built-in features/modules/capabilities, in the default configuration.
Any customizations you do to your store render these statements incomplete and require that you answer these questions yourself.

  • Question 6.2 Is the software and application development process based on an industry best practice and is information security included throughout the software development life cycle (SDLC) process? Yes

  • Question 6.5 Were the guidelines commonly accepted by the security community (such as Open Web Application Security Project group (www.owasp.org)) taken into account in the development of Web applications? Yes

  • Question 6.6 When authenticating over the Internet, is the application designed to prevent malicious users from trying to determine existing user accounts? Yes

  • Question 6.7 Is sensitive cardholder data stored in cookies secured or encrypted?
    Cookies are not used to store Cardholder data.

  • Question 6.8 Are controls implemented on the server side to prevent SQL injection and other bypassing of client side-input controls? Yes

PABP Standards Compliance

A fresh install of Zen Cart contains several built-in payment modules which connect to an external gateway to do live credit card transaction processing. These built-in gateway modules are designed to be PABP compliant.

Any alterations made to these modules by an individual storeowner, or any addon modules built by third-party developers, may or may not be PABP compliant. The onus is on the store merchant to ensure compliance for satisfying PABP requirements for their own merchant account TOS.

Last modified October 4, 2020 by Chris Brown (5a3f4c7).