Frequently Asked Questions

What are PCI and CISP security standards?

Powertech - Products - Encryption
The Cardholder Information Security Program (CISP) is a set of rules established by Visa for securing your computer systems and data from unauthorized access and loss of credit card information. These rules have been in place for several years and were required of large credit card processors, but were only recommendations for most merchants accepting credit cards.

Is X-Cart PCI/CISP certified?

X-Cart: Frequently asked questions
The short answer is no. But the thing is that it's not supposed to be a PCI/CISP certified product itself since X-Cart is neither a payment gateway, nor a financial organization charging credit cards, nor is it a hosted e-commerce solution. X-Cart is a standalone e-commerce application which can be integrated with any of the supported payment gateways and used on any compatible hosting server.

Who is subject to PCI-CISP rules?

Powertech - Products - Encryption
There are slightly different rules for different credit card issuers. For Visa, any merchant processing over 500,000 transactions a year must comply with PCI-CISP rules. For Mastercard, any merchant accepting $125,000 in transactions in a month must comply with PCI-CISP rules. Other card issuers have different rules. Almost all card issuers reserve the right to require any merchant to meet the rules, and any loss of data will certainly result in audit and rules requirements.

Where can I get information about PCI and CISP?

Powertech - Products - Encryption
Each card issuer (Visa, Mastercard, etc.) can provide you with information about the PCI data security standard. In addition to the PCI standard you can get information on how to start planning for the implementation, who can help you with compliance audits, and initial self-audits. You can access the Visa web site at www.visa.com. Click on the link for Merchants, and then search on PCI or CISP. You will find a great deal of information on PCI and CISP in the public area for Merchants.

Is LinkPoint CISP (PCI) compliant?

LinkPoint Central FAQ
Yes, LinkPoint is CISP (PCI) compliant. You can find LinkPoint on the list of compliant service providers (PDF, 134k) found on the Visa web site. For more information on CISP compliance you can visit the Visa web site. The LinkPoint payment gateway does not include a shopping cart; instead you can use either LinkPoint API or Connect to integrate with your web site. LinkPoint Connect will allow you to add a buy now button to your web site.

Do I need to pass a PCI-CISP audit?

Powertech - Products - Encryption
Any merchant who processes more than 6 million transactions a year, or who is required by another card brand to submit to audit, or who has experienced a data loss, must pass a PCI-CISP audit by an independent assessor. Visa publishes a list of companies who can perform a PCI-CISP assessment of your compliance with the Visa rules. You can also access the list on our web site at:

What encryption methods are supported by PCI-CISP?

Powertech - Products - Encryption
The PCI-CISP rules require that you use “strong encryption” and reference Triple DES and 256-bit AES encryption as examples. The term “strong encryption” is not defined and is therefore somewhat vague. There are several encryption algorithms that could be considered as “strong encryption.”

What part does California Privacy Notification play in PCI-CISP?

Powertech - Products - Encryption
There is no direct relationship between PCI-CISP rules and the California Privacy Notification law (SB1386). The PCI-CISP rules are payment industry and Visa rules required of merchants using their system. You are obligated to follow these rules as a part of your merchant agreement. The California Privacy Notification law affects any merchant selling products in California.

What part do Sarbanes-Oxley and Gramm-Leach-Bliley play in PCI-CISP?

Powertech - Products - Encryption
There is no direct relationship between Sarbanes-Oxley and GLBA, and PCI-CISP. However, there are many IT security requirements in the Sarbanes-Oxley Act. You can be sure that securing all sensitive information in your iSeries database files will fall under the purview of a SOX audit.

Is PayPal PCI, Visa CISP, and MasterCard SDP certified?

Winpossible.com..endless possibilities in maths???online int...
PayPal meets the Payment Card Industry Data Security Standard (PCI) required by American Express, Visa U.S.A., MasterCard International, Discover.

Do I have to comply with PCI (previously known as CISP and SDP)?

Merchant Account FAQ: How to Accept Credit Cards & How t...
Yes, this program is mandatory for all merchants that store, process or transmit through Visa® and MasterCard®.

What are your security standards?

Nexa Technologies - Support - FAQ
Total security is possible only if specific objectives are defined and achieved during every step of the design process for each brokerage tool. Please consult our security standards for more details.

What are the penalties for non-compliance with the PCI standards?

Free PCI Scanner - FAQs
Validation and enforcement is the responsibility of the acquiring financial institution or payment processor. For each instance of non-compliance, these organizations levy various penalties onto merchants and service providers which can include: Comodo HackerGuardian provides a range of services that make PCI compliance easy. Find out which service is right for you at www.hackerguardian.com

Do you uphold high security standards?

Hostito Web Hosting - software and systems faqs
Yes. We have strict policies about keeping our software up to date and take every measure to ensure a secure environment.

Where do the security standards come from?

USPS - B.2.2 Security Initiative for Commercial Mailers - Fr...
The B.2.2 security control standards were selected for their applicability to the mail industry. Sources included: the Mail Security Task Force, which represents the USPS and mailing industry, the Postal Inspection Service, the American Society for Industrial Security, and the Bureau of Customs and Border Protection. In addition, mailers who volunteered to undergo reviews as part of our pilot program in FY 2003 provided feedback.

What is the purpose of the new Security standards?

NNMC - HIPAA - FAQs
The new standards have been developed to protect the confidentiality, integrity, and availability of Protected Health Information (PHI).

Why were new Security standards needed?

NNMC - HIPAA - FAQs
No existing standard provides uniform, comprehensive protection of individual health information. HIPAA mandates new security standards to protect an individual’s health information, while permitting the appropriate access and use of that information by health care providers, clearinghouses, and health plans.

What's the deadline for compliance/ When must I begin using the new PCI standards?

Free PCI Scanner - FAQs
The Payment Card Industry Standards, Security Audit Procedures, Self-Assessment Questionnaire, and Security Scanning Requirements are effective immediately.

© Copyright 2007-2012 QueryCAT