PA-DSS Certified eCommerce Software

Free Download

Features
Version Comparison
VevoCart Community
VevoCart Premium
VevoCart Multi-Vendor Marketplace
VevoCart Templates
PA-DSS Certified
Payment Gateway Supported
FAQs
What's New

Design Integration
Customization
Installation
Support Plan

VevoCart Premium
VevoCart Multi-Vendor Marketplace
More Store License for Premium
Copyright Removal License
Version Upgrade
VevoCart Templates
Volume Discount
Support Plan
Update to Latest Release

Documentation
Customer Site
Ecommerce Articles
Customer Account
FAQs

VevoPay

The PCI And PA-DSS Compliant Payment Application

VevoPay is an ASP.NET PA-DSS certified payment application which is designed and implemented to meet all PCI DSS requirements (PCI Data Security Standard).

VevoPay has been fully audited by the qualified assessor and is a PA-DSS officially certified payment application.

VevoPay Key Security Implementations

Please note that a PA-DSS Certified Application must implement all PCI requirements and audited by qualified security assessor (QSA), which is officially approved by the PCI council.

Please be careful of applications claiming as PCI or PA-DSS compliant but have not been audited by security assessors. Some of the open-source and commercial e-commerce solutions that claim to be PCI compliance do not pass even the simplest PCI DSS requirements in our testing.

VevoPay implements PA-DSS requirements, which include numerous security features such as:

Credit card and sensitive stealing prevention
Secure authentication
Payment logging
Proper error handling
Secure cryptographic storage
Secure communication
Role-based access control
Cross Site Scripting Flaws prevention
Injection Flaws prevention
Malicious File Execution prevention
Secure Direct Object Reference
Cross-site request forgery (CSRF) prevention

Why PCI and PA-DSS Compliant?

The PCI Data Security Standard (PCI DSS) is the payment security requirement for e-commerce merchants who accept credit cards. E-commerce business must adhere to this security requirement to protect both customers and business information.

The Payment Application Data Security Standard (PA-DSS, also formerly known as PABP) is the security standard for all software vendors, whose applications accept credit cards. The standard is based on PCI DSS requirements.

The PCI DSS is the global standard and is applied to all e-commerce systems that accept credit card information.

Visa has also officially announced the mandates that all payment applications need to be PA-DSS compliant.

http://usa.visa.com/merchants/risk_management/cisp_payment_applications.html

How Does VevoPay Fit in Your PCI Compliant Plan?

The scope of PCI includes software, hardware, networks, and other security components. VevoPay is a PA-DSS certified application. So, the software is already compliant with the PCI and can be used straightforwardly in your PCI compliant system.

Also, VevoPay runs as a separated web application from your e-commerce stores to receive credit card information. This approach will take your e-commerce software completely out of PCI scope, only VevoPay will need to be conformed to the PCI DSS. This greatly reduces your work for implementing PCI compliant system.

The PA-DSS Implementation Guide explains how you can use VevoPay to achieve PCI DSS compliant system. Please consult this guide and other PCI-related requirements and documents from the PCI council website (https://www.pcisecuritystandards.org).

About the PCI Data Security Standard (PCI DSS)

The PCI DSS is a group of principles and accompanying requirements. Below is the overview of PCI DSS requirements.

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security

For more informaiton, please visit https://www.pcisecuritystandards.org/

Products

Solutions

Support