
PCI Compliance
We have you covered: our partnership program offers our customers the simplest and most cost-effective means of establishing PCI Compliance.

PCI Compliance with DRG SecureScan

PCI (Payment Card Industry) Compliance is the process of demonstrating to your merchant bank that your site, and the way it handles card payments, meets the Payment Card Industry Data Security Standard (PCI DSS). Because establishing compliance can be a real headache, we are committed to helping our customers get there in the simplest way possible. To that end, we have partnered with a PCI scanning vendor (Digital Resources Group) both to establish ClearCart's own compliance and to create a streamlined process for our individual customers to become compliant themselves.

Is PCI a legal requirement?

PCI DSS is a set of security requirements maintained by the PCI Security Standards Council, which was founded by the major card brands. Its purpose is to protect cardholder data throughout a card transaction. All participants in the payment card industry, including merchants like you, acquiring banks, processors and the card brands themselves, are expected to comply. It is not a law, but it is a contractual obligation under your merchant agreement, and it is increasingly expected by the card brands and by consumers.

How does the PCI Compliance process work?

First, a lot has been done for you. ClearCart has already undergone external vulnerability scanning against the PCI DSS requirements using the Qualys PCI scanning service (Qualys is an Approved Scanning Vendor). We have taken care of the technical parts: configuring the servers and protocols securely, testing for vulnerabilities, and correcting any issues the scan finds. The scan is repeated every quarter, as PCI DSS requires, to ensure ongoing compliance.

Because the ClearCart application and its hosting environment are already scanned and maintained for compliance, the only thing left for you to do is complete a "Self-Assessment Questionnaire" (SAQ) each year. Because ClearCart never stores credit card data, and because the ClearCart software is scanned regularly, ClearCart merchants are eligible for the shortest questionnaire available, the one intended for merchants who outsource all handling of cardholder data. Note that this eligibility assumes your business does not handle card data anywhere outside ClearCart; if you also take card details by phone, fax or on paper, additional questions will apply. We provide a document that steps you through each question to make it as simple as possible. Questionnaires usually take about half an hour to complete.

Once this process is completed and your answers are verified by our PCI partner, you will receive a PDF report stating your site is PCI compliant. You can send this to your merchant bank as proof of compliance. It is also recommended you save your reports in your records going back a minimum of 3 years.

Can I use a different PCI vendor?

Yes. Unfortunately, each scanning service looks for slightly different vulnerabilities, has slightly different requirements, and can have vastly different tools for reporting and resolving issues, with varying degrees of usability (see aforementioned extreme headaches). Consequently, it is often a long and somewhat painful process (for both of us) such that we cannot support it for free. Our fee for PCI Compliance help and resolution for non-partner vendors is $100/hour.

We have put a lot of effort into bringing you the ease and efficiency of our partnership program and we believe it is a good value and that you will be happy with it.

What is the cost?

The partnership price is $250/year -- half the cost of purchasing the Qualys PCI solution directly from DRG.

© 2005-2010 ClearCart Shopping Cart Software Contact Us Portland, OR
Terms & Conditions   Privacy Policy 1-800-662-7395 Dwell in Possibility