I'm evaluating the several ecommerce solutions available for DNN and I'm finding myself a bit befuddled by the answers I'm finding. I'm concerned about PABP and PA-DSS Compliance (understanding that one does not denote the other). I've used ASPDNSF ML in the past, and have not had good client experiences - confusing options, cryptic documentation, seemingly redundant options (Departments / Categories). It's also been brought to my attention that while ML is compliant, the DNN version is *not*. I've yet to understand where the breakdown is, whether it's in the storage of data or the setup of SSL pages for the module.
My clients would fall into Tier 4 (according to Visa):
Merchants processing less than 20,000 Visa e-commerce transactions annually and all other merchants processing up to 1 million Visa transactions annually
And best I can tell, the general compliance requirements are: (http://usa.visa.com/merchants/risk_management/cisp_payment_applications.html)
I | Newly boarded merchants must not use known vulnerable payment applications, and VisaNet Processors (VNPs) and agents must not certify new payment applications to their platforms that are known vulnerable payment applications | 1/1/08
II | VNPs and agents must only certify new payment applications to their platforms that are PA-DSS-compliant | 7/1/08
III | Newly boarded Level 3 and 4 merchants must be PCI DSS compliant or use PA-DSS-compliant applications* | 10/1/08
IV | VNPs and agents must decertify all vulnerable payment applications** | 10/1/09
V | Acquirers must ensure their merchants, VNPs and agents use only PA-DSS compliant applications*** | 7/1/10
Basically, has anyone worked with ASPDNSF/DNN and can offer any detailed insight as to whether it's any more/less user friendly or where the PA-DSS compliance is breaking down?
Also, I've written the folks at Catalook and I'm still deciphering the response; I would appreciate any input or anecdotes.
Thanks!