This Version is Out of Date
You can find the updated Miva 10 Reference Guide here
PA-DSS stands for "Payment Application Data Security Standard". This tab lists the features that Miva Merchant is required to provide to comply with the PCI (Payment Card Industry) security standards. Please note that this is not a complete checklist for PCI compliance. For example, PCI has requirements for hardware firewalls that Miva Merchant software cannot test for and does not provide. The checklist on this page only contains the PCI requirements that Miva Merchant is responsible for under PA-DSS.
To view the Miva Merchant AOV (Attestation of Validation): https://www.miva.com/pdf/PA-DSS-Implementation-Guide_v1.0.pdf
To maintain your PCI-DSS compliance, you must use Miva Merchant 5.5 Production Release 7 (fully patched), or later, AND follow the Miva Merchant PA-DSS Product Installation Guide when you configure your Miva Merchant online store. You can download the PA-DSS Product Installation Guide here: https://www.miva.com/pdf/PA-DSS-Implementation-Guide_v1.0.pdf
Larger merchants may be required by their merchant account provider to pass a PCI audit that is performed by a Qualified Security Assessor who is PCI certified.
If you need to upgrade Miva Merchant Empresa, you will need to contact your Miva Merchant hosting provider. You can download the latest release of Miva Merchant Empresa here. If you have no experience installing or configuring Miva Merchant Empresa, please contact your host or Miva Merchant support.
Miva Merchant Empresa has a logging feature to aid in troubleshooting. When logging is active, this test will fail. You will need to contact your hosting provider or Miva Merchant support for guidance on deactivating logging for Miva Merchant Empresa.
If you're using MivaSQL, you will need to have your database converted. Our conversion tool is located here. If you do not have access to a MySQL control panel and/or database, please contact your Miva Merchant host to get access to create a database or have them create one for you. You will need the database name and the username/password used to access the database. This user must have ALL privileges granted to it.
This test will not pass if you're using MivaSQL. The MySQL database must reside on a server that is separate from the web server. You will need to contact your Miva Merchant hosting provider about setting up a MySQL database on a separate server.
If your database password is not encrypted, you will need to step through the Encryption Key Migration Wizard and choose to Leave Private Keys in their Current Location. This will not move anything, but it will encrypt the password.
If logging is enabled please contact your Miva Merchant hosting provider or Miva Merchant support to get it deactivated.
Your private keys are the keys for your order encryption. To be compliant, your private keys must be stored in a database that is separate from your main database. That database must also be located on a server that is separate from the server that your primary database is on (see #7). Step through the Encryption Key Migration Wizard to move it to a second MySQL database or use MivaSQL. If you pass #3, you can use MivaSQL for this database, which will store the private keys in your configured mivadata folder located on the web server.
Step through the Encryption Key Migration Wizard to move it to a second MySQL database or use MivaSQL. If you pass #3 you can use MivaSQL for this database which will store the private keys in your configured mivadata folder located on the web server.
If you're using MySQL for your private key database, your database password must be encrypted. If you're failing this test, please step through the Encryption Key Migration Wizard and choose to Leave Private Keys in their Current Location. This will encrypt the password.
If logging is enabled please contact your Miva Merchant hosting provider or Miva Merchant support to get it deactivated.
This test concerns your Miva Merchant administration user accounts. If your passwords have been created since the update to Production Release 8, this test will pass. If it fails, you must have all administration users change their password.
You configure this by clicking on the Password Settings tab in Domain Settings.
Configured in Password Settings
Configured in Password Settings
Configured in Password Settings
Configured in the Timeouts tab in Domain Settings.
Configured in the Timeouts tab in Domain Settings.
Configured in the Timeouts tab within Domain Settings.
Configured in the Upgrade Settings tab within Domain Settings. Choose the Production Stream from the drop-down list if you're failing this test.
Order Encryption must be enabled for all of your stores. Click on Order Encryption within your admin interface to configure it.
If your pass phrase is older than 1 year, you will need to change it. Please be aware that any order under the old pass phrase will require you to enter the old pass phrase to access any payment data.
If your pass phrase is not older than one year but was created before upgrading to Production Release 7, you will need to create a new one. Please be aware that any order under the old pass phrase will require you to enter the old pass phrase to access any payment data.
More PCI/PA-DSS information including our PA-DSS Implementation Guide.