According to the MasterCard/Visa card-brand rules, all merchants processing credit cards on their websites must be compliant with the PCI DSS standard.
There is a simple rule: if customers enter credit card details on your website, your website must be PCI DSS compliant. Compliance is required even if the card data is never stored in your database; it is enough that the data passes through your server. If you use a payment processor in a mode where the card details are entered on the processor's own site, as with PayPal Standard, WorldPay, 2Checkout.com or Authorize.Net SIM, the card data never reaches your server, so you do not need to make your own site PCI DSS compliant.
If customers are asked for credit card details on your website, as with Authorize.Net AIM/CIM, PayPal Pro, PayFlow Pro and similar integrations, you need to implement compliance with the PCI DSS standard.
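The scoping rule above can be checked mechanically against a checkout page: any form on your own page that contains a card-number field puts your site in scope, while a form that only hands the customer off to the processor's site does not. The following is an added example written for this page, not aMember code; the field-name hints, the sample HTML and the hostname `members.example.com` are constructed for illustration, and the check is a static heuristic (it cannot see card fields that JavaScript injects after the page loads).

```python
"""
Heuristic PCI DSS scope check for a checkout page.

For each <form> on the page, report whether it collects a card number on
the merchant's own page (in scope per the rule above), hands the customer
off to a hosted payment page on another host, or carries no card data.
Added example, not aMember code; sample input is constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attribute fragments that indicate an input will receive a card number.
# Assumed hints for illustration; extend to match your own form markup.
CARD_FIELD_HINTS = ("cc-number", "cc_number", "ccnum", "cardnumber",
                    "card_number", "card-number")


class FormScanner(HTMLParser):
    """Collect each form's action and whether it contains a card-number input."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "card_field": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            # Look at name, id and autocomplete together; any card hint counts.
            hint = " ".join(v for v in (a.get("name"), a.get("id"),
                                        a.get("autocomplete")) if v).lower()
            if any(h in hint for h in CARD_FIELD_HINTS):
                self._current["card_field"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def classify_checkout(page_url, html):
    """Return one record per form: where it posts and the scope verdict."""
    scanner = FormScanner()
    scanner.feed(html)
    site_host = urlsplit(page_url).hostname
    results = []
    for form in scanner.forms:
        target = urljoin(page_url, form["action"] or page_url)
        host = urlsplit(target).hostname
        if form["card_field"]:
            # Card data is typed into your page: your site is in scope.
            verdict = "in-scope"
        elif host != site_host:
            # No card field here; the customer is sent to the processor's page.
            verdict = "hosted-redirect"
        else:
            verdict = "no-card-data"
        results.append({"action": target, "host": host, "verdict": verdict})
    return results


# Constructed sample: a PayPal Standard style hand-off form followed by an
# on-site card form of the kind an AIM-style integration would render.
SAMPLE_HTML = """
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
  <input type="hidden" name="cmd" value="_xclick">
  <input type="hidden" name="business" value="sales@example.com">
  <input type="submit" value="Pay with PayPal">
</form>
<form action="/signup/pay" method="post">
  <input name="cc_number" autocomplete="cc-number">
  <input name="cc_exp" autocomplete="cc-exp">
  <input type="submit" value="Pay">
</form>
"""

if __name__ == "__main__":
    for rec in classify_checkout("https://members.example.com/signup", SAMPLE_HTML):
        print(f"{rec['verdict']:16} -> {rec['action']}")
```

The verdict follows the page's rule literally: a card field on your page means in scope, regardless of where the form posts or whether you store the number. Run it against the rendered HTML of your own signup page; a result of `hosted-redirect` for every form is what you want if you follow the recommendation below.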
This is not quick to achieve. Compliance is not only a software question: even if aMember Pro does everything it can, that alone is not enough. Your server administrators must take additional steps to make sure the setup is secure and meets the standard. These steps may include:
– setting up two dedicated servers with a firewall between them: the first server handles the website, the second (database) server sits behind the firewall; you need physical control over both servers so nobody can access them and extract cardholder data;
– having your system administrator keep the servers up to date with security patches;
– ordering and installing an SSL/TLS certificate and configuring aMember to use it, so that card information is encrypted in transit from the customer's browser to your website;
– tracking and monitoring all access to network resources and cardholder data;
– regularly testing security systems and processes.
From our experience, this is almost impossible for a small membership website owner. Our recommendation is simple: avoid accepting credit card data on your website. Use third-party hosted solutions such as PayPal Standard, 2Checkout.com, WorldPay and similar services.
According to PCI rules, all payment applications that process card data must be certified against the PA-DSS standard. aMember Pro v4 implements almost all PA-DSS requirements, with a few exceptions (such as logging of access to customer information). However, aMember Pro v4 has not yet been certified for PA-DSS.
I have been using the aMember platform for over six years to host my Macintosh Training membership site. The software is very fast, and full of features. From getting subscribers signed up to creating email auto-responders, customizing form options and protecting all kinds of content, these guys do it well. I love aMember not only for its features but for the support they have provided over the years. Alex and his team are constantly improving and updating the application. The interface they created is easy to navigate, allowing me to make changes to my offers and programs quickly.
Just a quick note to express my appreciation for aMember software and the support of the team behind it. I've been using aMember for many years. It's been a solid performer for my sites and I wouldn't use anything else. Loads of features. Handles just about any job I can throw at it on drawpj.com