I have been researching setting up an e-commerce system using osCommerce or CubeCart/ZenCart installed via Fantastico. My initial thought was to use PayPal Direct (the $20 per month option where customers do not need to leave your Web site and the shopping cart communicates with PayPal using the PayPal API).
I then started reading about the PCI (Payment Card Industry) Data Security Standard. This was created when VISA, American Express, Diners Club, Discover Card, JCB and MasterCard collaborated to produce a set of standards known as the PCI Data Security Standard. All Merchants and Service Providers that handle, transmit, store or process information concerning any of these cards are required to be compliant with PCI as of June 30, 2005. Penalties for non-compliance are severe.
So, say I set up CubeCart, got an SSL certificate, etc., I would certainly be handling and transmitting credit card information. I'm not sure whether I would be storing or processing credit card information based on the configuration mentioned above (i.e. CubeCart, SSL), but irrespective of that, it appears that I would need to be compliant with the PCI Data Security Standard.
Has anyone come across this? How would I go about making sure that I was compliant (the standard includes things like making sure data is behind a firewall - something I am sure Total Choice have taken care of)?