Ecommerce & SSL 3.0 – PCI Compliance


Notice to all Zen Cart owner’s who ARE or plan to process credit cards in
their stores:

In pursuance of the PCI Security Standards Council’s current license agreement (10/2008), SSL Version 2.0 with previously noted vulnerabilities will no longer be supported by credit card gateways.

Authorize.net
, has specifically decided to drop all legacy support for SSL V. 2.0 during the week of March 16 – 20, 2009. If you plan to accept credit cards you will need to be certain your web hosting is not only designed for your
Zen Cart, but also that the web host is PCI compliant with V. 3.0 SSL as well as the other PCI standards required & recommended.

Authorize.net has clearly noted the following in a recent email alert.

Failure to upgrade their applications or integrations may result in a lost
ability to successfully process transactions via the Authorize.Net Payment
Gateway.

You are advised to contact your web host and/or web developer immediately to secure proper SSL 3.0 if your web host has not already upgraded. The upgrade should yield little or no downtime or disturbance.
Please note that this is no mistake and if you do not have SSL 3.0 compliant hosting, you will not be able to continue to process credit cards, as the gateway communications MUST be transmitted via SSL 3.0. SSL 2.0 is no longer supported under the compliance requirements. For additional support please contact your credit card processing provider.