Securing Customer Credit Card Data

Acquia Room (Class 103)

Drupal Commerce, Ubercart, Recurly: downloading and installing one of these community supported modules makes it easy to add a shopping cart to any Drupal site (large or small) and start processing credit card transactions. Unfortunately, insufficient security measures can make it relatively easy to steal this credit card data, which opens the door to significant financial liabilities and PR challenges for the site owner.

The appropriate way to secure a Drupal eCommerce site is to comply with the PCI-DSS (Payment Card Industry Data Security Standard, aka "PCI Compliance"). While not necessarily easy to achieve and maintain, it's a mandatory set of requirements created by the credit card industry for all merchants handling credit card transactions.

This presentation will review the various components of the standard as they pertain to Drupal as well as provide practical advice on how to best reduce ones risk when processing credit cards.

For more background on PCI compliance for Drupal, please visit and download the free, community sponsored white paper.

Experience level: