Zen Cart PCI Compliance Statement and PABP Standards

PCI DSS Compliance Questions Answered

Common myths about PCI Compliance

Please see the following page for a better understanding of what PCI Compliance is NOT: https://www.pcisecuritystandards.org/pdfs/pciscc_ten_common_myths.pdf

Answers to the most commonly-asked questions pertaining to Payment Card Industry Data Security Standard compliance

DISCLAIMER: The following answers pertain to a webstore built with default Zen Cart code without any customizations, using only built-in features/modules/capabilities, in the default configuration.
Any customizations you make to your store render these statements incomplete and require that you answer these questions yourself.

  • Question 6.2 Is the software and application development process based on an industry best practice and is information security included throughout the software development life cycle (SDLC) process? Yes

  • Question 6.5 Were the guidelines commonly accepted by the security community (such as Open Web Application Security Project group (www.owasp.org)) taken into account in the development of Web applications? Yes

  • Question 6.6 When authenticating over the Internet, is the application designed to prevent malicious users from trying to determine existing user accounts? Yes

  • Question 6.7 Is sensitive cardholder data stored in cookies secured or encrypted?
    Cookies are not used to store Cardholder data.

  • Question 6.8 Are controls implemented on the server side to prevent SQL injection and other bypassing of client-side input controls? Yes

PABP Standards Compliance

A fresh install of Zen Cart contains several built-in payment modules which connect to an external gateway to do live credit card transaction processing. These built-in gateway modules are designed to be PABP compliant.

One source of information which summarizes PABP compliance can be found here: http://authorize.net/files/developerbestpractices.pdf

Any alterations made to these modules by an individual store owner, or any add-on modules built by third-party developers, may or may not be PABP compliant. The onus is on the merchant to ensure that the PABP requirements of their own merchant account TOS are satisfied.


Still have questions? No problem! Just head over to the Zen Cart support forum and ask there.
In your post, please include your Zen Cart and PHP versions, and a link to your site.


Last modified March 23, 2020 by Scott C Wilson (7eff069).