Does Site Store Pro store credit card information and do i need a PCI compliance scan on my online store?
Site Store Pro does not store any credit card or billing information and only stores the customer's shipping-related information (name, address, phone number, email). For optimum data security and PCI compliance, credit card information is sent directly to the payment processor for authorization and never saved in the database under any circumstances.NOTE: We will not assist and expressly prohibit any online store owner or developer from modifying Site Store Pro to save and store credit card data to their server. (There are no exceptions to this policy so please do not ask if we can do it for your installation.)
If your online store will be transmitting credit card information to a third party processor for approval, you must setup your checkout system to use SSL (https://). Site Store Pro works with both same domain and shared SSL certificates. However, for PCI compliance you must be using a SSL certificate that matches the domain of your website. (shared SSL certificates from your hosting provider are not allowed for full PCI compliance) All merchants who will be transmitting credit card information from their website to their payment processor must have quarterly PCI compliance scans by an approved ASV vendor to be compliant with requirement 11.2 of the PCI Data Security Standard. (Minimum 1 Scan every 90 Days or 4 Scans Per Year).Site Store Pro is PA/DSS compliant in its default configuration when hosted on a server that passes current PCI/DSS compliance scans. However, due to other applications you may be running on your server and your server's specific version and configuration settings, you should have your website frequently scanned and verified PCI compliant.