PA-DSS Checklist

PA-DSS, or, Payment Application Data Security Standard, is the set of requirements intended to help software vendors develop secure payment applications for credit card transactions.

In this tab is a lengthy list of features the Miva admin is required to provide to comply with the PCI (Payment Card Industry) security standards. This is not, however, a complete list of all PCI compliance standards.

Miva Empresa Version v5.37 or Newer

If you need to upgrade Miva Empresa, contact your Miva hosting provider.

Miva Empresa Debug Logging Disabled

Miva Empresa has a logging feature to aid in troubleshooting. While it is active this test will fail. Contact your hosting provider or Miva support for guidance on deactivating logging for Miva Empresa.

Primary Database Using MySQL

If you're using MivaSQL you will need to have your database converted. If you do not have access to a MySQL control panel and/or database, contact your Miva host to get access to create a database or have them create one for you. You will need the database name and the username/password used to access the database. This user must have ALL privileges granted to it.

Primary Database not Located on Web Server

This test will not pass if you're using MivaSQL. The MySQL database must reside on a server that is separate from the web server. You will need to contact your Miva hosting provider about setting up a MySQL database on a separate server.

Primary Database Password Encrypted

If your database password is not encrypted you will need to step through the Encryption Key Migration Wizard and choose to Leave Private Keys in their Current Location. This will not move anything, but it will encrypt the password. The link to the wizard is located at the bottom of the PA-DSS Checklist page.

Primary Database Activity Logging Disabled

If logging is enabled please contact your Miva hosting provider or Miva support to get it deactivated.

Private Keys Stored in Secondary Database

Your private keys are the keys for your order encryption. To be compliant, your private keys must be stored in a database that is separate from your main database. It must also be located on a server that is separate from the server your primary database is on. Step through the Encryption Key Migration Wizard to move the keys to a second MySQL database or use MivaSQL. If you pass #3 you can use MivaSQL for this database, which will store the private keys in your configured mivadata folder located on the web server.

Private Key Database on Different Server Than Primary Database

Step through the Encryption Key Migration Wizard to move the keys to a second MySQL database or use MivaSQL. If you pass #3 you can use MivaSQL for this database, which will store the private keys in your configured mivadata folder located on the web server.

Private Key Database Password Encrypted

If you're using MySQL for your private key database, its database password must be encrypted. If you're failing this test, step through the Encryption Key Migration Wizard and choose to Leave Private Keys in their Current Location. This will encrypt the password.

Private Key Database Activity Logging Disabled

If logging is enabled please contact your Miva hosting provider or Miva support to get it deactivated.

All User Passwords Strongly Encrypted

This test concerns your Miva administration user accounts. If it fails, all administration users must change their password.

Force Password Change After 90 Days or Less

You configure this by clicking on the Password Settings tab in Domain Settings.

Password Minimum Length 7 Characters or Greater

Configured in Password Settings.

Passwords Require at Least one Letter and one Number or Punctuation Character

Configured in Password Settings.

Users May Not Reuse Their Last 4 or More Passwords

Configured in Password Settings.

Administrative Sessions Expire After 15 Minutes or Less of Inactivity

Configured in the Timeouts tab in Domain Settings.

Administrative Users Locked out After 6 or Fewer Invalid Login Attempts

Configured in the Timeouts tab in Domain Settings.


Administrative Users Invalid Login Lockout Interval 30 Minutes or Greater

Configured in the Timeouts tab in Domain Settings.
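The account-policy items above (minimum length, character classes, password history, maximum age, lockout threshold and interval) can be modelled as a small policy engine, which is useful when auditing an admin configuration against the checklist. This is an added example, not Miva's code; the PBKDF2-SHA256 hashing via hashlib and the in-memory lockout tracker are assumptions, while the thresholds are the ones stated on this page.

```python
import hashlib
import os
import string
from datetime import datetime, timedelta

# Thresholds as stated on the PA-DSS checklist above.
POLICY = {
    "min_length": 7,
    "max_age_days": 90,
    "history_size": 4,
    "max_failed_logins": 6,
    "lockout_minutes": 30,
    "idle_timeout_minutes": 15,
}

def hash_password(password, salt):
    # Assumed scheme: salted PBKDF2-SHA256; Miva's own storage format is not documented here.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def new_history_entry(password):
    salt = os.urandom(16)
    return (salt, hash_password(password, salt))

def password_problems(candidate, history):
    """history: list of (salt, digest) for the user's previous passwords, newest first."""
    problems = []
    if len(candidate) < POLICY["min_length"]:
        problems.append("too short")
    if not any(c.isalpha() for c in candidate):
        problems.append("no letter")
    if not any(c.isdigit() or c in string.punctuation for c in candidate):
        problems.append("no number or punctuation")
    # Reuse check: only the most recent N entries count, per the checklist.
    for salt, digest in history[:POLICY["history_size"]]:
        if hash_password(candidate, salt) == digest:
            problems.append("reused recent password")
            break
    return problems

def password_expired(set_at, now):
    return now - set_at > timedelta(days=POLICY["max_age_days"])

class LoginThrottle:
    """Counts failed logins per account and enforces the lockout interval."""
    def __init__(self):
        self.failures = {}      # account -> consecutive failures
        self.locked_until = {}  # account -> datetime the lock expires
    def is_locked(self, account, now):
        return now < self.locked_until.get(account, now)
    def record_failure(self, account, now):
        n = self.failures.get(account, 0) + 1
        self.failures[account] = n
        if n >= POLICY["max_failed_logins"]:
            self.locked_until[account] = now + timedelta(minutes=POLICY["lockout_minutes"])
            self.failures[account] = 0
    def record_success(self, account):
        self.failures.pop(account, None)
```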

Production Upgrade Stream

Configured in the Upgrade Settings tab in Domain Settings. Choose the Production Stream from the dropdown list if you're failing this test.

Order Encryption Enabled For all Stores

Order Encryption must be enabled for all of your stores. Click on Order Encryption in the admin interface to configure.

Current Order Encryption Key Less Than 1 Year Old For all Stores

If your passphrase is older than 1 year you will need to change it. Be aware that any order encrypted under the old passphrase will require you to enter the old passphrase to access its order and payment data.

Current Order Encryption Key Created Post-Upgrade For all Stores

If your passphrase is not older than one year but was created before upgrading to Production Release 7, you will need to create a new one. Be aware that any order encrypted under the old passphrase will require you to enter the old passphrase to access its order and payment data.


Copyright © 1997 – 2021 Miva©, Miva Merchant©, MivaPay©, MivaCon© Miva, Inc. All Rights Reserved.