Securing credit card transactions is an important yet daunting task for most eCommerce merchants. And while the community-sponsored Drupal PCI Compliance white paper has helped bring awareness and clarity to the topic, important questions still remain. Do you have any unanswered questions or constructive feedback?
It’s been almost two years since my colleagues and I released the first version of the Drupal PCI Compliance white paper. Since then it’s been incredibly rewarding to watch the conversations evolve in the issue queues, within Twitter threads, and during in-person conversations. Rather than ignore the topic altogether, individuals are tackling it head on and having meaningful conversations. Rather than falling back on speculation and hearsay, individuals are referencing specific parts of the specification. Best of all, I’m seeing more and more evidence of people using this information during their selection process of a payment gateway. Overall, I’m thrilled to see this level of progress.
And yet despite this progress, we still have a long way to go as a community. Recently I’ve become involved in the Commerce Braintree and Commerce Stripe issue queues to help review the new (and awesome) iframe solutions. During that process, a lot of questions came up regarding whether these modules were truly PCI 3.0 SAQ A compatible. These are great questions, but they leave me asking a few questions of my own:
- Are these users aware of the white paper?
- Is the white paper thorough enough in answering these questions?
- Is the white paper enough? Do we need a shorter distillation (infographic?) or a more succinct executive summary?
To that end I’m soliciting feedback from the community, and that means you! Are you aware of the paper? Did it adequately summarize the important nuances around the subject matter? Do you have more questions? Can we make it any clearer?
If you’re willing to provide said feedback, please either leave a comment below OR submit an issue directly to the GitHub project’s issue page. And thanks in advance. Any improvements that can be made will benefit all users that ultimately build and/or operate a Drupal eCommerce site.
Finally, a huge thanks to the white paper sponsors: Applied Trust, CARD.com, CrossFunctional, Commerce Guys, NEWMEDIA, Townsend Security, Hosted PCI, and Copperly. Your support went far beyond anything monetary. Your confidence in me to get the job done is something I’ll always be grateful for.