- PA-DSS Compliance and Ecommerce Templates
- What is PA-DSS?
- Why is PA-DSS compliance important?
- What does it mean for your store?
- Managing PA-DSS compliance
We are pleased to announce that, from Version 6.1, Ecommerce Plus from Ecommerce Templates is officially certified PA-DSS compliant. Certification is provided by the PCI Security Standards Council.
PA-DSS is a certification process to ensure the security of data by requiring shopping cart and payment applications to adhere to an industry standard initially created by Visa. This includes the non-storage of sensitive data such as credit card numbers and validation codes, application activity logging, secure logins and vulnerability testing, amongst many other things.
Your ecommerce software is just one factor in being PCI compliant, as it also involves, for example, your hosting company and payment processor. If you are not using a PA-DSS compliant shopping cart like Ecommerce Templates, it is unlikely you will be PCI compliant. This can result in higher fees, fines and even revocation of the ability to take online payments.
It also means that you are working with a vendor that takes your online security extremely seriously. Certification is not a simple rubber stamp process but takes many weeks of code changes, testing and documentation to have the application approved.
Ecommerce Templates has completed the PA-DSS compliance certification to provide an industry standard level of security for your store. Many of the changes will be in the background, but you will notice some new additions and features:
- Activity and event logging in the control panel dashboard
- Forced minimum password length with alphanumeric content
- Periodic forced password change
- Maximum number of incorrect password attempts
- Automatic logging off from control panel after a period of inactivity
- No card holder data stored
- All passwords are transmitted and stored in hashed form
Although PA-DSS compliance is highly recommended and Ecommerce Templates comes with all the features enabled "out of the box", it may be that some users will find it unnecessary. If, for example, you are testing your store locally or are in a situation or country where it is not required, you do have the ability to turn this off.
For the ASP version, add the following to vsadmin/includes.asp
For the PHP version, add this to vsadmin/includes.php
One of the features of PA-DSS compliance is that you will be logged off from the control panel following 15 minutes of inactivity. In Version 6.2 we introduced a warning alert box that advises you that you are about to be disconnected from the control panel and allows you to maintain your session in the admin.