Gahela User Guide: PCI Compliance

PCI Compliance

Gahela Commerce takes security seriously, and PCI compliance is an important part of accepting payments online. PCI compliance regulations are an extra burden when running your web store, but it is one that cannot be ignored. If your site is ever compromised and a hacker gains credit card data through your store, you will face both fines and lawsuits.

Some shopping cart software simply ignores the requirements, some offers expensive add-on modules, and some redirects away from your site to the payment processor's own pages. None of these are good solutions: they add extra steps to checkout (which increases shopping cart abandonment), put bug-filled iframes on your checkout page, or require expensive module installs, forced upgrades, and numerous other hassles for you and your customers.

Gahela Commerce avoids all of this by supporting modern methods of submitting payments, namely Transparent Redirects and Direct Posts to the credit card processor.

What are Transparent Redirects and Direct Posts?

With a Transparent Redirect or Direct Post, credit card data is sent directly to the credit card processor or merchant bank instead of passing through your web server. The process is completely transparent to the customer: they enter their card details on the checkout page and press submit, and Gahela Commerce sends the form data in separate HTTP requests to different servers.

[Figure: transparent-redirect-flowchart.png, the Transparent Redirect / Direct Post flow between the customer's browser, the merchant bank and your server]

As you can see, the credit card data goes to your merchant bank, and the merchant bank sends an approved or denied message to Gahela Commerce to process or decline the order. The only data going to your server is the customer's registration data.
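The split described above, as an added example written for this guide rather than code from Gahela Commerce: the browser-side partition of the checkout form, a simulated processor that returns a token in place of the card, and a store-side guard that refuses any request still carrying raw card data (a Luhn check catches a card number that leaks into an unexpected field). The field names, the processor's response format and the `tok_` token prefix are assumptions, not Gahela's or any real processor's API.

```javascript
// Field names are an assumption for this example; adapt them to your checkout form.
const CARD_FIELDS = new Set(["card_number", "card_expiry", "card_cvv"]);

// Browser side: partition the form so card fields only ever go to the processor.
function splitCheckoutFields(formFields) {
  const toProcessor = {};
  const toStore = {};
  for (const [name, value] of Object.entries(formFields)) {
    if (CARD_FIELDS.has(name)) toProcessor[name] = value;
    else toStore[name] = value;
  }
  return { toProcessor, toStore };
}

// Luhn check: true when a value is a 13-19 digit string with a valid check digit,
// i.e. something that should never reach the store server.
function looksLikePan(value) {
  const digits = String(value).replace(/[\s-]/g, "");
  if (!/^\d{13,19}$/.test(digits)) return false;
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// Simulated merchant-bank processor (stand-in, not a real API): accepts the card
// data and answers with an approved/declined status and a one-time token.
function simulatedProcessor(cardData) {
  if (!looksLikePan(cardData.card_number)) {
    return { status: "declined", reason: "invalid card number" };
  }
  const last4 = String(cardData.card_number).replace(/[\s-]/g, "").slice(-4);
  return { status: "approved", token: "tok_" + last4, last4 };
}

// Store server side: the only payment-related value it should see is the token.
// Reject the request outright if a card field or a Luhn-valid number shows up.
function storeServerReceive(payload) {
  for (const [name, value] of Object.entries(payload)) {
    if (CARD_FIELDS.has(name) || looksLikePan(value)) {
      return { accepted: false, error: `raw card data in field '${name}'` };
    }
  }
  if (!payload.payment_token) {
    return { accepted: false, error: "missing payment token" };
  }
  return {
    accepted: true,
    order: { customer: payload.email, token: payload.payment_token },
  };
}

// End-to-end: browser splits the form, processor tokenizes, store gets the token
// together with the registration data and nothing else.
function checkout(formFields) {
  const { toProcessor, toStore } = splitCheckoutFields(formFields);
  const auth = simulatedProcessor(toProcessor);
  if (auth.status !== "approved") {
    return { accepted: false, error: "payment declined" };
  }
  return storeServerReceive({ ...toStore, payment_token: auth.token });
}

// Constructed sample checkout form; the card number is a well-known test PAN.
const sampleForm = {
  email: "shopper@example.com",
  name: "Sample Shopper",
  card_number: "4111 1111 1111 1111",
  card_expiry: "12/30",
  card_cvv: "123",
};

console.log(checkout(sampleForm));
```

The store-side guard is the part worth keeping in mind when wiring up a real integration: if a template change gives a card input a `name` attribute that posts to your own server, the card number silently lands in your request logs and your scope expands accordingly. Rejecting such requests (and alerting on them) keeps the "only registration data reaches your server" property enforceable rather than assumed.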

Using your merchant bank's servers to process sensitive data greatly cuts down your risk exposure and consequently reduces the effort required to validate compliance. In most cases you can be PCI compliant with the simpler Self-Assessment Questionnaire. The requirements vary, so contact your credit card processor and/or merchant bank to confirm what applies to your website.