PCI Compliance is important to all online store owners, and Magento can be implemented to meet this strict standard currently, with inclusion of the encryption standards, features such as forced admin password reset, development according to industry standards, and more to support PCI Compliance.

Magento PaymentBridge

As Magento is an on-premise application, we adhere to the rules that regulate PA-DSS Compliance, and are excited to announce the soon-to-be-released Payment Bridge product, which is currently undergoing PA-DSS assessment by our Qualfied Security Assessor (QSA).

Magento PaymentBridge is a standalone payment application that will enable merchants to reduce their PCI compliance scope by segmenting payment functionality to a separate application. PaymentBridge is Magento’s PA-DSS compliant payment application, which will enable merchants to easily meet PCI compliance standards.

PaymentBridge will have significant benefits in minimizing ongoing cost, through minimizing merchant's PCI compliance by enabling updates to the core Magento eCommerce application with new marketing, merchandising and content management capabilities, without having to go through PCI compliance re-assessment of the entire Magento eCommerce platform.

For more information on PCI Compliance please visit the PCI Security Standards Council website: https://www.pcisecuritystandards.org/

What is PCI Compliance?

The PCI Data Security Standard (PCI DSS) was created by the major credit card companies to ensure the adoption of consistent security measures by all merchants. There are 12 requirements for meeting the PCI DSS, broken into 6 groups:

• Build and Maintain a Secure Network

  Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

• Protect Cardholder Data

  Requirement 3: Protect stored cardholder data
  Requirement 4: Encrypt transmission of cardholder data across open, public networks

• Maintain a Vulnerability Management Program

  Requirement 5: Use and regularly update anti-virus software
  Requirement 6: Develop and maintain secure systems and applications

• Implement Strong Access Control Measures

  Requirement 7: Restrict access to cardholder data by business need-to-know
  Requirement 8: Assign a unique ID to each person with computer access
  Requirement 9: Restrict physical access to cardholder data

• Regularly Monitor and Test Networks

  Requirement 10: Track and monitor all access to network resources and cardholder data
  Requirement 11: Regularly test security systems and processes

• Maintain an Information Security Policy

  Requirement 12: Maintain a policy that addresses information security

It is important to note that while Magento is an integral part of the chain in obtaining PCI Compliance, it is necessary to implement Magento in a PCI compliant hosting environment. We have given recommendations here on configuring Magento to meet the PCI-DSS. For more information on PCI Compliance please visit the PCI Security Standards Council website (https://www.pcisecuritystandards.org/)