AspDotNetStorefront Releases Build for PABP Certification


New member
Jan 23, 2005
Programming Experience
We're pleased to say we are submitting for final VISA/MasterCard PABP
certification approval. This has culminated a 4 month effort and hundreds of
develoment hours to conclude!!!

We have been very busy over the last 3 weeks making lots of low-level
code/archectural changes that are not visible to anyone, and don't add to
our "robust feature list" to encourage sales. Nevertheless, we are committed to spending the effort to ensure that we adhere to the latest PABP VISA/MasterCard certification standards, to ensure PCI compliance when installed in a PCI compliant hosting environment.

Version 6.3 is now in BETA, and with the auditors, to provide PABP (Payment Applications Best Practices) certification approval.

We are not aware of a SINGLE other shopping cart platform that is
doing this. The PABP release will be v6.3 (all versions).

* PABP VISA/MasterCard Final Certification Approval In Progress for
v6.3. As far as we can determine, we are the only shopping cart on
the entire market that has done this! We anticipate final certification in
about 30 days (10/06). PABP certification implies adherence to strict
security policy and procedural guidelines outlined by VISA/MasterCard to
help ensure PCI compliance in your installation. We have worked with one of
the best independent VISA/MasterCard approved auditing firms on this

* PABP release fully tested in PCI compliant environment for
VISA/MasterCard Certification

* Supports SSL Encryption for secure ordering. Cart automatically
switches into secure mode appropriately. Supports any brand SSL certificate.
(Contact your hosting company for certificates). Dedicated SSL certificate

* Medium Trust Hosted Servers fully supported

* IP Address Tracking: For safety and auditing, IP addresses are
logged (PABP)

* AVS (Address Verification) reporting from gateways in all orders

* Integrated MaxMind Geolocation Fraud Detection Metrics (optional)

* Strong State of the Art Rijndael/AES 256 bit Encryption for credit
card numbers. Admin can also specify not to store credit card numbers
anywhere in the database if preferred. (PABP)

* Require periodic password changes (PABP)

* State of the Art Password Salting + Hashing (PABP)

* Store Admin can lock out any customer account for security/fraud
reasons (PABP)

* Any order can be marked as fraud for later forensics (PABP)

* Turing Image login protection (protects against automated bot login
attacks) (PABP)

* Comprehensive 1 Year Aged Read Only Security Log built into admin
site. Viewable only by admin Super User. (PABP)

* Give individual admin operations permissions to view full credit
cards or not (PABP)

* Allow Customers to individually select if they want their credit
card information stored (overrides by store admin possible) (PABP)

* All Password Change Operations Logged (PABP)

* Complete RegEx AppConfig control over strength of passwords required
for store logins and admin logins (PABP)

* Support for dynamic encryption key changes via admin site (PABP)

* Store Admin specified encryption salting so every order record
contains a separate encryption key (PABP)

* Encrypted database connection strings in web.config files (PABP)
So, if you're wondering why we've been so quiet for the last 60 days..this
is what we have been spending our time on :)

Our development team, support & QA team, and have gone to extra lengths (and expense!) to ensure that this project happens. Our
estimate of the effort is approx $50,000 to do this certification process.

For many of our prospective customers still contemplating whether to go with AspDotNetStorefront or a "free" open source cart or an "wannabe" cart or the "heck, it can't be that hard, I'll just get a book and write my own in a couple days" cart...consider the importance of this certfication, and whether or not your "free" open source cart or "home grown" cart will leave you hanging down the road...

AspDotNetStorefront Team
Top Bottom