Have you heard of PA-DSS?

I had never heard of PA-DSS until I bumped into this blog post -
http://www.merchantaccountblog.com/735/pa-dss-and-you-thought-pci-was-a-mess
Its scary beast that has the potential to rip the heart out of open
source e-commerce if the credit card companies come down hard requiring
this.
If you use the ecommerce app I would have a good read of this.

Sam

WOW - thanks for sending that along Sam.

Cheers,
Tim
--
Tim Ruppert
HotWax Media
http://www.hotwaxmedia.com

o:801.649.6594
f:801.649.6595

----- "Sam Hamilton" <[hidden email]> wrote:

> I had never heard of PA-DSS until I bumped into this blog post -
> http://www.merchantaccountblog.com/735/pa-dss-and-you-thought-pci-was-a-mess
> Its scary beast that has the potential to rip the heart out of open
> source e-commerce if the credit card companies come down hard
> requiring
> this.
> If you use the ecommerce app I would have a good read of this.
>
> Sam

Indeed!

Thanks Sam

Jacques

From: "Sam Hamilton" <[hidden email]>
>I had never heard of PA-DSS until I bumped into this blog post -
> http://www.merchantaccountblog.com/735/pa-dss-and-you-thought-pci-was-a-mess
> Its scary beast that has the potential to rip the heart out of open
> source e-commerce if the credit card companies come down hard requiring
> this.
> If you use the ecommerce app I would have a good read of this.
>
> Sam
>

This also means that gateways like pay pro, authorizenet, Paypal gateway
and others will not be valid, since the software the uses them must be
certified.
The will give a big boost to Google checkout and PayPal (IPN), since
they do the processing of the CC and not CC information is returned.


Sam Hamilton sent the following on 5/24/2009 5:04 AM:
--
BJ Freeman
http://www.businessesnetwork.com/automation
http://bjfreeman.elance.com
http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro
Systems Integrator.

Yeah, that sort of thing is concerning. Hopefully they'll have  
requirements that scale with the size of the company like the do for  
PCI. If not then it means for things like OFBiz that it will be more  
expensive when it is possible, and that smaller services companies  
will have a hard time competing, which would be a real shame.

On the other hand, it would open up a market for those who do these,  
and perhaps if they specialize in doing these audits for a particular  
software package they can get the price down from these astronomical  
highs.

I haven't looked into what other CC companies are doing about, but  
maybe this will be a big break for cards that are not either "Visa" or  
"MasterCard"... ;) Wouldn't that be funny, online shops that only take  
AmEx and Discover instead of usually not accepting those.

Realistically, as was mentioned, it would probably mean more companies  
using external payment processing like PayPal, Google Checkout, etc,  
etc. With PCI stuff getting more teeth lately I've even heard from a  
few moderately sized shops that are going in this direction (ie no  
local CC storage whatsoever).

-David


On May 24, 2009, at 6:04 AM, Sam Hamilton wrote:

> I had never heard of PA-DSS until I bumped into this blog post - http://www.merchantaccountblog.com/735/pa-dss-and-you-thought-pci-was-a-mess
> Its scary beast that has the potential to rip the heart out of open  
> source e-commerce if the credit card companies come down hard  
> requiring this.
> If you use the ecommerce app I would have a good read of this.
>
> Sam
>