Please post all pre-sales questions of all products on this forum

PCI;DSS Compliances

10 years 1 month ago #43429 by Russell Noble
PCI;DSS Compliances was created by Russell Noble
Hi,
In order to be PCI:DSS compliant, most smaller sites will now want to redirect the credit card entry form directly to the payment gateway. If Joomla (or Event Booking) receives the credit card details from the form, then we need the whole infrastructure to be PCI:DSS compliant. This is getting to be a common requirement.

eWay, amongst others, offers this by allowing you to direct the client form to post directly to it, it processes the payment then redirects the client back to the site.

Do you currently support this with either eWay module?
Do you plan to support it?
Do you support any PCI:DSS compliant gateway module?

Thanks,
Russell

10 years 1 month ago #43440 by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic PCI;DSS Compliances
Hi Russell

Unfortunately, we don't have an EWay redirect payment plugin. With the current Eway payment plugin, customers will enter credit card information directly on the site to process payment, not redirecting to Eway.

I don't have experience with PCI:DSS compliance, so I am not sure what gateway to use. Maybe consider using payment plugins such as Paypal, Authorize.net SIM, DPS PxPay... (these plugins use the redirect model).

Tuan

10 years 1 month ago #43772 by Mitch
Replied by Mitch on topic PCI;DSS Compliances
Hi Tuan, I'm in the same boat as Russell.
PCI:DSS compliance are the credit card fraud prevention rules that you are required to adhere to if you store credit card data.
Eway offer a direct post option, which means that you don't have to store any credit card data - I don't believe it's a redirect, but either way it would be ideal to have an option that either direct posts or any option so that no credit card data is stored on the host website.

thank you.

10 years 1 month ago #43775 by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic PCI;DSS Compliances
Hi ALL

On all of our payment plugins, we don't store any credit card data in the website. It will either redirect users to the payment gateway or post the credit card information to the payment gateway.

We don't store credit card information, so if you say so, I believe all our payment plugins are PCI compliant.

Tuan
The following user(s) said Thank You: Mitch

10 years 1 month ago #43777 by Mitch
Replied by Mitch on topic PCI;DSS Compliances
Thanks for that Tuan!

10 years 1 month ago #43985 by Russell Noble
Replied by Russell Noble on topic PCI;DSS Compliances
My understanding is that it doesn't matter about storing the credit card details; the site cannot have access to the credit card details or it needs to be PCI:DSS compliant. In order to use this module and not have to conform to PCI:DSS on the website, you'd need the credit card submission form to submit directly to the payment gateway; the credit card details can't be passed through the event booking software.

Would it be possible to provide an eWay module that uses their hosted solution so the credit card details are never submitted to the Joomla site?
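
A check for the requirement described in the post above, as an added example that is not part of the original thread or of Event Booking's code: it parses a checkout page and reports any form whose card fields would be submitted to a host other than the payment gateway. The field-name hints, hosts, paths and sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed name hints for card fields; real forms vary, so extend as needed.
CARD_HINTS = ("card", "cvv", "cvn", "cvc", "expir")

# Constructed sample pages; hosts, paths and field names are placeholders.
SITE_POST = ('<form method="post" action="/register/payment">'
             '<input name="x_card_num"><input name="x_card_code">'
             '<input name="first_name"></form>')
DIRECT_POST = ('<form method="post" action="https://gateway.example/pay">'
               '<input name="cardnumber"><input name="cvn"></form>')


class FormAudit(HTMLParser):
    """Collect each <form>'s action and the names of its fields."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._open)
        elif tag in ("input", "select") and self._open is not None:
            name = (a.get("name") or a.get("id") or "").lower()
            self._open["fields"].append(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def card_forms_off_gateway(page_url, html, gateway_hosts):
    """Return (target, card_fields) for forms sending card data off-gateway."""
    audit = FormAudit()
    audit.feed(html)
    findings = []
    for form in audit.forms:
        card = [f for f in form["fields"] if any(h in f for h in CARD_HINTS)]
        if not card:
            continue
        # An empty or relative action resolves to the site itself.
        target = urljoin(page_url, form["action"])
        if urlsplit(target).hostname not in gateway_hosts:
            findings.append((target, card))
    return findings
```

This is a static check on the served HTML only; a form submitted by JavaScript to a different endpoint would need to be reviewed separately.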

10 years 1 month ago #43987 by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic PCI;DSS Compliances
Hi Russell

To be honest, we don't have a plan to add it to the extension very soon. So maybe you should consider hiring a developer to develop the module for you? Or maybe support us by funding the development?

I will try to look at Eway documentation next week to see whether we can add it to the extension soon!

Regards,

Tuan

10 years 1 month ago #43990 by Russell Noble
Replied by Russell Noble on topic PCI;DSS Compliances
Tuan,
A couple more questions:
1. Is it possible to have it set up so there can be multiple eWay accounts? Basically, we have 6 eWay accounts and depending on the location of the event (different cities) we need payments into different accounts (for example, events in Sydney would be configured with the eWay details for the Sydney branch, events in Melbourne would be configured with the Melbourne branch).

2. What would the development costs be for us to fund the eWay module with support for their hosted solution approximately? This is something we'd seriously consider as most of the rest of the package does what we need.

3. If you don't support the details in (1) above - that is different eWay accounts for different events, what would the cost be for us to fund the development?

4. I've been trying to work out if you can do different pricing for an event based on Joomla group membership? We'd like to use your membership system so that if the user has paid for membership and is in the "Paid Member" group the base event price would be $6, and if the user is in the group "Registered but non-member" the base event fee would be $16. Can this be done?

Thanks

Moderators: Tuan Pham Ngoc, Giang Dinh Truong, Mr. Dam