PCI Compliance

General Topics
The security of your customers' personal information and credit card data is the number one priority for Smith Consulting, and all our ecommerce modules are built to be fully PCI compliant. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB).
 
1.  Credit Card Encryption – Cart supports storage of credit card numbers in the database using RSA 256-bit encryption, which is an encryption method approved by PCI.
 
2.  Card Security Code – The CVV/CID on the back of a credit card is collected from the user and sent to the payment gateway for authorization, but is never stored in the database.
 
3.  SSL – SmithCart fully supports SSL.
 
4.  Cart supports validation against SQL injection and cross-site scripting to prevent unauthorized access to the database.