  1. #1
    Junior Member
    Join Date
    Feb 2005
    Near Boston MA, USA

    Mandatory deadline to become PA-DSS Validated

    Today I received an email from Miva Merchant re: IMPORTANT AND CRITICAL UPDATE FOR ALL 5.5 STOREOWNERS. I'm sure everyone with a Miva store got it.

    Although I've upgraded the software, I looked at the PA-DSS checklist within the store and we are passing only 6 out of 21 items.

    What are the consequences of not meeting these requirements?

    Some items on the list seem pretty simple. But with some, I'm afraid of a cascading effect where you change one thing and soon learn that it has affected something else.

    It looks like some items are things that WestHost would have to do. Here are some from the list that failed that pertain to WestHost:

    1) We need Miva Empresa Version v5.07 when it's currently 5.06.
    2) The primary database should not be located on the web server (my site is "localhost")
    3) Primary database should be password encrypted (mine failed, not sure if that's an easy fix)
    4) Private keys stored in secondary database
    5) Private key database on different server than primary database
    6) Private key database password encrypted
    7) All users passwords SHA-1 encrypted

    Tom Rogers
    Tom Rogers Web Design


  2. #2
    Moderator wildjokerdesign
    Join Date
    Jun 2003
    Kansas City Mo


    I would contact WestHost directly on this one. While I can see that item 1 is something that they could deal with, I doubt that the database issue is going to be something they would deal with. You would almost need a second account to deal with those issues, I would think, or maybe a node over at set up to handle the database stuff. I wonder if this is why they have decided to not offer Miva on new accounts.

  3. #3
    Junior Member rweight
    Join Date
    Apr 2008

    PA-DSS Compliance

    The PA-DSS Validation applies to applications or modules that are provided for credit card processing. As per the following from the PCI Security Council at

    Q. What part of the payment transaction process is addressed by the PA-DSS?
    A. The PA-DSS applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where these payment applications are sold, distributed, or licensed to third-parties.

    Payment applications validated per PA-DSS, when implemented in a PCI DSS-compliant environment, will minimize the potential for security breaches leading to compromises of full magnetic stripe data, card validation codes and values (CAV2, CID, CVC2, and CVV2), PINs and PIN blocks, and the damaging fraud resulting from these breaches. Internally developed applications that are not sold or distributed to third-parties are not subject to PCI PA-DSS but are subject to PCI DSS.

    As such you should be able to ignore the PA-DSS issues, as those should be handled directly by the payment gateways or developers of applications that handle credit card processing.

  4. #4



    We are happy to help you get Empresa upgraded to the newest version. To any clients that have this same issue, please submit a ticket to us at and we will get that taken care of. Regarding the other items in your list, we are still working with Miva to clarify what needs to happen on our end as the host. Once that is fully clarified, we will post a followup with a more definite answer.

    Dustin Olson
    Technical Support Manager
