PriMoThemes — now s2Member® (official notice)


PCI compliance

s2Member Plugin. A Membership plugin for WordPress®.

Post by accessart » January 16th, 2012, 7:44 am

Can I ask if s2member is PCI compliant? Given that any site taking payments within their site (i.e. using PayPal Website Payments Pro), and where users stay on their site to input credit card details, needs to be PCI compliant, have any other s2member pro users gone through this process?

As we use the s2member pro plugin (as a pro form), and some of the questions we need to answer to get compliance involve analysing every system component, we also need to know if s2member as a plugin is PCI compliant?

Many thanks

Re: PCI compliance

Post by Raam Dev » January 16th, 2012, 9:43 pm

Hi accessart,

You will need to host your s2Member Pro Forms on an SSL enabled site to comply with PCI:

Do I need an SSL certificate to use PayPal® Pro or Authorize.Net®?
If you're using s2Member's Pro Forms, then yes. In order to comply with PayPal®, Authorize.Net® and PCI Compliance policies, as set forth by major credit card companies; you will need to host all of your Pro Forms on an SSL enabled site. Please check with your hosting provider to ask about obtaining an SSL certificate for your domain. Please note... when you create Pro Forms using the Form Generators provided by s2Member; you'll be supplied with WordPress® Shortcodes, which you'll insert into Posts/Pages of your choosing. These special Posts/Pages will need to be displayed in SSL mode, using links that start with ( https:// ). In other words, when you link to these Posts/Pages, you'll need to make sure your links start with https://.

You can skip the SSL certificate during Development/Sandbox testing. SSL is not required until you officially go live. Once you're live, you can add the Custom Field s2member_force_ssl -> yes to any Post/Page. s2Member will buffer output on those special Posts/Pages, converting everything over to https:// for you automatically, and forcing those specific Posts/Pages to be viewed over a secure SSL connection; so long as your server supports the https protocol. This will help you eliminate the dreaded Secure/Insecure errors in Internet Explorer®. If your server runs SSL over a special port number, or your server requires the port number to actually be in the URL ( i.e. HOST:port ), you can set s2member_force_ssl -> 443; or to whatever port you need.


Also, if you're running s2Member Pro Forms, you'll want to make sure that your hosting platform is PCI compliant (i.e. it needs to be VERY secure and up-to-date). If you run your own dedicated server, this is going to require some maintenance on the part of a site owner.

You can read more about PCI compliance and web hosting here.
Raam Dev || Wherever you are, be there. || Please rate s2Member!
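
A check a site owner could run on the rendered HTML of a Pro Form page after going live, to confirm that nothing on it still loads or submits over plain http:// (the cause of the Secure/Insecure warnings mentioned in the reply above). This is an added example, not part of the original posts and not s2Member code; the URLs, markup, field name and function names are constructed for illustration.

```python
from html.parser import HTMLParser

# Attributes that load a subresource or submit data. A plain <a href> is
# navigation only and does not cause a mixed-content warning, so it is skipped.
CHECKED = {
    ("script", "src"), ("img", "src"), ("iframe", "src"),
    ("link", "href"), ("form", "action"),
}

# Constructed sample page (not real s2Member output).
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="https://example.com/wp-content/themes/t/style.css">
<script src="http://example.com/wp-includes/js/jquery.js"></script>
</head><body>
<a href="http://example.com/about/">About</a>
<img src="//cdn.example.com/logo.png">
<form method="post" action="http://example.com/checkout/">
<input name="card_number">
</form>
</body></html>"""

class InsecureRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            url = (value or "").strip()
            if (tag, name) in CHECKED and url.lower().startswith("http://"):
                self.findings.append((tag, name, url))

def insecure_refs(page_url, html):
    """Return (tag, attribute, url) tuples for everything not served over https."""
    findings = []
    if not page_url.lower().startswith("https://"):
        findings.append(("page", "url", page_url))
    parser = InsecureRefFinder()
    parser.feed(html)
    parser.close()
    return findings + parser.findings

if __name__ == "__main__":
    for finding in insecure_refs("https://example.com/checkout/", SAMPLE_HTML):
        print("insecure reference:", finding)
```

An empty result for every page that carries a Pro Form is what you want to see before taking live payments; relative and protocol-relative URLs inherit the page's scheme and are not flagged.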
