TOPIC: PA-DSS compliance status for PCI?

I did a search on the PCI Standards Council website for your software here: https://www.pcisecuritystandards.org/ap ... agree=true

to see if DTRegister is a validate payment application and I could not find it. Has it passed this qualification and if so can you please point out the proper link? If not, what is the plan and schedule to become compliant?

This will be necessary for all of your PCI compliant customers to know so I a little surprised this information isn't already posted somewhere easily searched on this web site.

We have not done any such certification. I just did some searching on that site and couldn't find any Joomla extensions listed there... like Virtuemart, Tienda or any other ecommerce extension I tried.

We have contacted this site to see what process we need to go through for potential listing.

I do know that many DT Register users have had their site checked (and passed) for PCI compliance. We have made numerous changes over time to make sure DT Register follows the necessary guidelines for compliance.

OK, thank you for the quick response.

Part of the attestation document requires us (the merchant) to ask the software vendor (dthdevelopment) if we "have confirmed with my payment application vendor that my payment system does not store sensitive authentication data after authorization."

I know from reading previous forums posts you have acknowledged addressing PCI issues in the past. Is it true for the current version of DTRegister (2.7.16) that it does not store sensitive authentication data after authorization?

With credit card payments, the card number is never stored. The CVV code is not even stored temporarily due to PCI standards.

Now, if you use our Offline Credit Card option which collects payment info to be processed manually, that data IS stored of course, but it is encrypted first. The CVV code is still not stored at all for this option.

OK thank you again for responding. This is precisely what I need to know.

IS DTH Development actively pursuing PA-DSS certification? My organization's PCI-DSS certification is currently failing due to the fact we choose to use your Sage payment gateway and DTRegister is not listed as a compliant software.

We are faced with two choices at this point. Wait for your product to be certified if that is your plan, or go another direction. You mentioned other customer have achieved compliance. Can you help us to understand how that was accomplished?