Soholaunch and PCI Compliance Question

This topic is closed.
  • OwnDefense
    Private

    • Jul 2014
    • 3

    Soholaunch and PCI Compliance Question

    Hi
    I would like to build a site using Soholaunch and need it to be PCI compliant. Can I build the site with Soholaunch and have it hosted somewhere else or must it be hosted with vodahost? I hear that cloud hosting would be PCI compliant. Also what payment gateway does Soholaunch use? I would like to use Authorize.Net. Not sure which way to go with this. How are some of you dealing with PCI compliance?

    Thanks for any help.
    David ( a former vodahost customer)
  • Vasili
    Moderator

    • Mar 2006
    • 14683

    #2
    Re: Soholaunch and PCI Compliance Question

    Originally posted by OwnDefense
    Hi
    I would like to build a site using Soholaunch. I asked vodahost (customer service) if it would be PCI compliant if I have the site hosted with vodahost, I was told it wouldn't be. He said it has to be on a virtual private server. Can I build the site with Soholaunch and have it hosted somewhere else or must it be hosted with vodahost? I hear that cloud hosting would be PCI compliant. Also what payment gateway does Soholaunch use? I would like to use Authorize.Net. Not sure which way to go with this. How are some of you dealing with PCI compliance?

    Thanks for any help.
    David ( a former vodahost customer)
    You are unnecessarily confusing yourself with terms, protocol, standards, and processes that you are woefully unfamiliar with. It is not nearly as complicated as you communicate ...

    In a nutshell, PCI standards and compliance is required by law to protect the consumer information, financial details, and transactional integrity for online processing of credit cards ... meaning, any business or organization must provide an encrypted platform upon which to transmit information in order to process a credit transaction.

    It has always been preferred to offer credit card processing on a website rather than using a separate service that requires a buyer to 'navigate away' from the website to effect a transaction. The costs to maintain a Merchant Account and a Gateway, however, are restrictive to many, which is why "off-site" processing is still very popular and convenient -- PayPal being the most consumer recognized, followed by GoogleCart, WorldPay, etc. WHICHEVER processor is chosen, all transactions must be made in an encrypted environment (US Laws and the "PCI Compliance" you reference).
    In this understanding, that is why if you elect to process transactions with PayPal, you are re-directed to their secure site to complete the transaction by entering personal information (name, credit card info, etc.). The fact their site is "secure" is verifiable via the SSL (Secure Socket Layer) Certificate posted conspicuously on their page.

    You can achieve complete "PCI Compliance" just as thousands of other VodaHost clients have, simply by:
    1. paying for a regular hosting account;
    2. installing Soholaunch (the cart you indicate as your choice);
    3. purchasing and installing an SSL Cert (VodaHost sells and installs single root SSL Certificate by RAPID, as detailed here);
    4. configuring your installed Soholaunch to transmit via Authorize.net (as you mentioned to be your Gateway choice);
    5. entering the specific Processor Account ID so it connects to your Soholaunch via Authorize.net.

    All online transactions, therefore, will process on your site (without being re-directed, as would PayPal) via Authorize.net (your chosen Gateway) in a secure environment (with a Rapid SSL Cert installed) by your chosen Merchant Account Credit Processor.

    You could choose, however, to capitulate to unreasonable fears and choose to purchase Dedicated Hosting instead at significantly higher cost, but the steps outlined above would be the same in order to prepare a website to be functional ... just having Dedicated Hosting affords a bit more "peace of mind" -- for a price. It is better that you understand the simplicities of processing credit cards online and what that entails (if to be "PCI Compliant") and be able to personally manage a common account than it is to remain ignorant and pay for services you really don't need (and which may later prevent expansion or easy modification).

    You can read more about "PCI Compliance" here to gain the understanding for you to cogently develop your website(s).
    . VodaWebs....Luxury Group
    * Success Is Potential Realized *


    • OwnDefense
      Private

      • Jul 2014
      • 3

      #3
      Re: Soholaunch and PCI Compliance Question

      Thank you Vasili.
      You hit on everything that I had concerns with. Very good detail. Just one more concern. The problem I had before with my site and the hosting account I was using (not vodahost) was sometimes having a hard time being compliant.

      The problem would be fixed on their end and then when the quarterly scan (PCI compliance scan) came around then another problem would arise with the hosting. I know with something like PayPal there wouldn't be a problem with compliance.

      I can't use PayPal because of the item I would be selling (weapons). I have to go with a gateway like Authorize.net or FirstData. Is there a quarterly scan done with vodahost? I would like to go with the compliance outline you mention above.

      Thank you very much,
      David


      • Vasili
        Moderator

        • Mar 2006
        • 14683

        #4
        Re: Soholaunch and PCI Compliance Question

        There is no such thing as an auto-audit for PCI Compliance, by PCI.org, at Vodahost or any other hosting provider. There IS, however, a big difference in the types of SSL Certs available on the market, and any type of compliance with regard to SSL would be focused upon specifically whether or not the Cert is issued for a single Domain or multiple (as would be the "Wildcard" SSL Cert from Go Daddy), as anything but a single Domain Cert (singular issue) would lack the real-time verification linking to the Issuing Authority.

        Multiple Domain SSL Certificates (or so-called "Wildcard" SSL Certs) do not offer the same verifiable protection (or compliance) that a Single Domain ("single root") SSL Certificate provides, and is likely the source of non-compliance you say you experienced elsewhere.

        A compliant single-domain (single root/"single issue") SSL Cert allows visitors to click on it to view the real-time verification.

        • OwnDefense
          Private

          • Jul 2014
          • 3

          #5
          Re: Soholaunch and PCI Compliance Question

          Ok, then vodahost offers "A compliant single-domain (single root) SSL Cert".


          • Vasili
            Moderator

            • Mar 2006
            • 14683

            #6
            Re: Soholaunch and PCI Compliance Question

            Originally posted by OwnDefense
            Ok, then vodahost offers "A compliant single-domain (single root) SSL Cert".
            YES >> as previously mentioned.