Re: X-Cart and PCI-DSS / PA-DSS compliance
My previous post was either lost or dropped. I am reposting.
On the original issue: There is no need to encrypt software for PCI-DSS compliance - unless there is a hidden agenda to make user mods and 3rd party mods difficult.
Regardless of whether or not the underlying software is obfuscated, if you save a customer's credit card # and the CVV/CVV2 then you're not compliant. I have read policies that claim security and therefore compliance because they claim to delete these data after 30 days from their database.