OFBiz - Re: Users - Is ofbiz PCI compliant?

OFBiz › OFBiz - User

Re: Users - Is ofbiz PCI compliant?

Posted by BJ Freeman on Jun 04, 2006; 6:24pm
URL: http://ofbiz.116.s1.nabble.com/Users-Is-ofbiz-PCI-compliant-tp139681p139685.html

been a while since I visited their site. it has been updated.
I scanned the cisp_PCI_Self_Assessment_Questionnaire.doc from
http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp_tools_faq.html]
my opion is that ofbiz does as software does comply.
However most of the document has todo with what I mentioned before,
installation of ofbiz.
That is the responsibility of the person installing and maintaining ofbiz.

Blessing, Jeffrey J sent the following on 6/4/06 10:15 AM:

> The best link I've found that describes what PCI compliance is comes from Visa.com:
>
> http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp.html
>
> It appears that PCI compliance is a big (and growing) industry in itself. Most searches turn up companies that offer PCI compliance services (hence the seminar notice earlier :-)
>
> -Jeff
>
> ________________________________
>
> From: [hidden email] on behalf of BJ Freeman
> Sent: Sun 6/4/2006 11:35 AM
> To: OFBiz Users / Usage Discussion
> Subject: Re: [OFBiz] Users - Is ofbiz PCI compliant?
>
>
>
> I have not found a comprehensive list of requirements. If you have a
> link to such requirements, would appreciate it.
>
> Ofbiz does encrypt the CC number.
> Further steps are more in the installation of ofbiz, so the data is not
> avalible from the internet, such as putting ofbiz on the router so it
> can access the db on a private network, not accessible from the Internet.
>
>
> Blessing, Jeffrey J sent the following on 6/4/06 9:28 AM:
>
>>Hey group,
>>
>>I just received the following blurb from Ziff-Davis promoting a seminar next week and I'm wondering: Is OFBiz PCI compliant? Has anyone followed the Payment Card Industry compliance standards? They site hefty fines for those who don't comply with these standards.
>>
>>"It can often be confusing and difficult for organizations to undertake the process of finding out if they are compliant with the Payment Card Industry (PCI) standard, and if they are not compliant, identifying what specific and practical steps they must take to meet the security guidelines. With fines of up to $500,000 being imposed and restrictions being put in place by card companies for organizations who have not yet achieved PCI compliance, merchants have a pressing need to complete their data security efforts around this standard."
>>
>>Just wondering,
>>-Jeff
>>
>>
>>
>>
>>------------------------------------------------------------------------
>>
>>
>>_______________________________________________
>>Users mailing list
>>[hidden email]
>>http://lists.ofbiz.org/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>
>
>
>
> ------------------------------------------------------------------------
>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users

_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users