I've been evaluating ViArt and am finding it to be a great shopping cart. But if its not going to be PA-DSS compliant by the mandate deadline I won't be able to use it.
Where is ViArt at with PA-DSS certification? The VISA mandate that reads "Acquirers must ensure their merchants, VNPs and agents use only PA-DSS compliant applications" takes effect this July 1, 2010 for US and Canadian merchants.
Gecko - for something as critical as this I recommend you submit this to Viart on a support ticket - and add any responses here for the benefit of fellow US/Canadian users.
Perhaps someone from your part of this world already has some information and will respond, but you clearly have limited time so I recommend contacting Viart direct now.
31 Jan 2010 10:36 PM
I did try that a while back and what I got was "If this is a future requirement to be able to take Visa payments I'm certain Viart will meet its' requirements for the large number of our customers that depend on this, however I am not in a position to be able to offer a 100% guarantee on this."
All well and good but the problem is that PA-DSS certification isn't just a couple of tweaks to the software they can do at the last minute. They need to hire a PA-QSA to do the assessment and testing. Certification can take several months and cost tens of thousands dollars. If they haven't started by now they probably won't meet the deadline.
VISA Europe is giving European merchants until 2012 to comply with the PA-DSS mandate. Since ViArt is a UK company they might not yet be aware of the earlier deadline in the US. But the mandate is for merchants so their US customers will be hung out to dry come July if they don't do something quickly.
1 Feb 2010 9:38 PM
Is this not only relevant when doing Visa processing yourself? We work with payment companies like PayPal, Moneybookers, etc. and I would think it is their job to be compliant in this case?
2 Feb 2010 12:26 AM
It applies if credit card numbers are stored, processed or transmitted by the software you buy. If you use the Paypal option where the credit card information is entered on the Paypal site (yuck) then no it doesn't apply. If you use Paypal Payflow pro, Authorize.Net or another gateway where the customer never leaves your site then it applies.