Hi,

I was wondering if you can help. I am a bit worried about the whole security aspect of Sage Pay and getting the PCI DSS compliance for the Direct Payment System. Does anyone know how to get this to work, or if there is a way of using their inframe system, although there isn't a module for this?

I've been looking to see if there are any answers out there, but as I am a designer rather than a developer I am struggling a bit.

Cheers.

Comments

Tony Sharpe

I use the direct payment gateway and have tested the site as PCI compliant (No critical failures). It required the hosting company to tweak a few things first to plug some holes after I tested.
Tony

longwave

I have also passed PCI validation tests using both 6.x-1.x and 6.x-2.x versions of this module; the tests look at your site from an external point of view and don't audit or verify the code that is actually running. Dedicated servers and VPSes with a standard, secure Linux setup and a few configuration tweaks to Apache are sufficient to pass. Shared hosting can be a different matter, and you may partially be relying on other users on the server keeping their sites secure.

There was previous discussion of this in #538132: PCI DSS compliance for Sage pay - perhaps I should add something to the project page about it?

Tony Sharpe

Just to add that mine's on shared hosting and it's Drupal 5, Ubercart 1 using selective secure pages.

yetihunter1000

Hi again,

Thank you for replying so quickly on this. I think I will give this a go, and I'm guessing that the company is on shared hosting.

Do you think the hosting company's SSL will be sufficient enough, or should I go to an external company (although they seem very expensive)? The other thing is testing: can you suggest the best way to go about this?

Apologies for the further questions but I am very green on this side of things.

Thanks again.

longwave

The easiest way to find out will be to ask your hosting company whether their servers are compliant or not.

longwave

Category: feature » support

yetihunter1000

Will do - thanks for the information.

hanoii

Status: Active » Closed (fixed)

Just entered some key comments (mainly #2) on the project page so I am really closing this issue.