UltraCart PCI Compliance

Introduction

PCI compliance is an important part of your online store, and requires that you and your vendors, such as UltraCart and your payment gateway, work together to make sure that each step in the payment process is performed with the appropriate controls and safeguards.  To this end, your merchant account provider/gateway may require you to submit proof of PCI Compliance.  The following should help you deal with this requirement.

Caveat Emptor

PCI compliance is a complex process that has many parts. While we strive to provide the most accurate and timely information possible, we cannot guarantee that the information we provide is the most recent and accurate at the time you access this page. Therefore, this information is presented AS-IS. You should contact your legal counsel or a qualified PCI consulting organization if you are unsure of any of the requirements or guidelines.

PCI Level 1 Certification

UltraCart is a PCI Level 1 certified service provider.  You can read more about our compliance efforts and status at http://www.ultracart.com/resources/pci-compliance/

Verification with VISA / MasterCard

Your payment gateway or merchant account provider may require proof of UltraCart's PCI Level 1 Compliance.  You can search the list of such vendors at the following web sites.

Self Assessment Questionnaire

If you are categorized as a Level 2 or greater merchant by either Visa or MasterCard (or both), then you are required to complete a PCI Self Assessment Questionnaire (SAQ), as well as possess a Certificate of Compliance provided by a PCI Approved Scanning Vendor.   To begin, you should read this document to determine which type of SAQ you must complete:

https://www.pcisecuritystandards.org/documents/pci_dss_SAQ_Instr_Guide_v2.1.pdf

After you have determined the SAQ required, visit the PCI DSS website, and click on the section labelled SAQ:

https://www.pcisecuritystandards.org/security_standards/documents.php?agreements=pcidss&association=pcidss

Third Party Scanning

UltraCart utilizes the services of a PCI Approved Scanning Vendor (ASV) to perform daily security checks on our platform.  If you or one of your service providers requires a copy of this scanning report, you may download it from this page:
https://s3.amazonaws.com/ultracartsff/UC/61/documents/UltraCart-PCI-DSS-v3.2-SP-Certificate-1August2016.07.05.16.pdf

If your merchant account provider/gateway requires that you have a Certificate of Compliance that includes your company name rather than UltraCart's, you will need to purchase PCI scanning services of your own. You can view a list of approved scanning vendors at the PCI website.

HackerGuardian

UltraCart recommends HackerGuardian, a service provided by Comodo CA Ltd., a PCI Approved Scanning Vendor.  For more information about HackerGuardian go to:

http://www.hackerguardian.com

SSL Certificate

Once you've signed up, you will need to specify the internet addresses of the servers you use to operate your online store.  Typically, this will include your hosting server, your e-mail server, and one or more UltraCart front-end servers.  If you do not have a Custom SSL certificate, specify 74.116.32.25 as your secure shopping cart server address.  If you have a Custom SSL certificate on your account, please contact UltraCart Support at (209) 383-9870 for assistance in determining your secure shopping cart server address.