http://65.74.171.210/forums/43/topics/279 en-us 60 <p>Jochen,</p> <p>Mike&#8217;s correct. There is nothing in Active Merchant that will make you <span class="caps">PCI DSS</span>-compliant, but it doesn&#8217;t open any gaps that aren&#8217;t there anyways. Disclosure time: I work for <a href="http://www.braintreepaymentsolutions">Braintree</a>, so please check on facts, don&#8217;t just take my word for it. :)</p> <p>In reality, no solution gives you <span class="caps">PCI</span> compliance out-of-the-box, and be wary of companies who claim that. We do have a solution that removes almost all of the 230+ <span class="caps">PCI DSS</span> controls from the scope of your environment by ensuring that no customer sensitive credit card data touches your environment, reducing your in-scope controls to ~10. Unlike Paypal, Google Checkout, or Amazon <span class="caps">FPS</span>, we do this transparent to your users, so they never see our involvement at all.</p> <p>I don&#8217;t want to hijack this thread at all, but if you&#8217;re interested in talking further, you can find me on the <a href="http://developer.getbraintree.com">Braintree Developer Community</a>.</p> <p>For anyone else, a great resource for <span class="caps">PCI DSS</span> compliance is the <a href="http://www.pcianswers.com"><span class="caps">PCI</span> Answers Blog</a>, run by The Aegenis Group.</p> Fri, 07 Mar 2008 20:13:08 -0000 65.74.171.210:43:279:2405 Joshua Schairbaum http://65.74.171.210/forums/43/topics/279 <p>Using ActiveMerchant doesn&#8217;t mean you&#8217;re automatically <span class="caps">PCI DSS</span> compliant. ActiveMerchant by itself doesn&#8217;t do anything that would make you not compliant. However, being <span class="caps">PCI DSS</span> compliant is a lot more than just the code. It stipulates things like access control, monitoring the server room, auditing, documentation, etc.</p> Mon, 03 Mar 2008 14:47:24 -0000 65.74.171.210:43:279:2364 Mike Clark http://65.74.171.210/forums/43/topics/279 <p>So, on March, 2nd, this was renumbered recipe 35,<br />and within &#8216;Discussion&#8217; the bullet referring to &#8216;the setup&#8217; just got removed.<br />Smart approach to getting rid of a problem.<br />But the question remains&#8212;although it might well be,<br />that it gets answered now somehow anywhere within the recipe text.</p> <p>Just removing the bullet may solve the issue for somebody,<br />who reads this recipe w/o knowing its history,<br />but now, that some doubt arose inside me,<br />how can I forget it?</p> Mon, 03 Mar 2008 01:33:09 -0000 65.74.171.210:43:279:2360 Jochen Hayek http://65.74.171.210/forums/43/topics/279 <p>Good question, and I&#8217;ll ask the author so we can clarify it in the next revisions. Feel free to file any more errata on the errata page.</p> <p>Thanks!</p> Wed, 27 Feb 2008 19:07:37 -0000 65.74.171.210:43:279:2345 Mike Clark http://65.74.171.210/forums/43/topics/279 <p>Within the section &#8216;Discussion&#8217; Cody Fauser writes,<br />that &#8216;all other aspects of the <span class="caps">PCI DSS</span> are met by the setup&#8217;.</p> <p>Justing referring to &#8216;the setup&#8217; is a little (pls forgive me) wish-wash.</p> <p>So does that <strong>reliably</strong> mean,<br />that active_merchant itself is &#8216;PCI <span class="caps">DSS</span>&#8217;-safe?</p> Wed, 27 Feb 2008 11:37:11 -0000 65.74.171.210:43:279:2341 Jochen Hayek http://65.74.171.210/forums/43/topics/279