PCI compliance, Hosted shopping carts and digital download purchases... oh my!

I’m scalp deep in studies about PCI compliance as I try to figure out how best to operate an upstart eCommerce site. I hope the involuntary twitching will stop some day.

I’m using Joomla 1.5 and a RocketTheme template to design my site. The basic premise is that anyone can sign up for an account on my site, they can upload a file for me to work on and then if I am successful in the work they want from me, they will pay me and I will release a URL to them for them to download the completed file from. I could be dealing with as many as a few dozen files per day in six months’ time.

It seems that being on a shared host makes a website totally incapable of being PCI compliant. So that pretty much rules out using a Joomla shopping cart plug-in and some payment gateway (I was looking at PayJunction as my gateway). That’s at least what I can gather so far. First question: Is that an accurate judgment based on my studies? A shared host always equals non-PCI-compliant?

So now I think that my best option is to stick to email invoices (I’ll email an invoice to the customer at the email address that they signed up with in Joomla) so that the website is totally taken out of the picture. I want to be able to accept major credit cards. Accepting PayPal would be awesome too. Of course, the download needs to be made immediately available and I’d also like to have a conversion page on my site. Second question: Does that seem like a sane idea given the information about my site that I’ve shared?

Third question: What payment gateway / shopping cart / whatever, do folks that have experience with selling downloads recommend? I’d prefer to use my own server to keep the files on since I’ll potentially be dealing with quite a few files per day and managing uploads to a third-party shopping cart service would add one more annoying thing to my day.

If you’ve read this far, I and my nervous tic salute you. :lol:

Plimus can host your files and take payments from your buyers in many ways, including phone order. Then they give you a branded MasterCard and you have your money through ATM or just pay for food with it :slight_smile:

When you outsource, the gateway and merchant account is included and sometimes so is file hosting for downloads.

  • Dan from FastSpring

Since a hosted system is simply connected …it works with any platform. This is not unique to us but it is handy.

You can sell through Facebook, emails, membership sites, etc …any place you can stuff a hyperlink, you can do ecommerce.

I think you have a multitude of factors to look at. I’m only going to look at the gateway situation. I’ve had to accomplish what you are trying to do with my own business and I will gladly pass on a contact if you are interested.

You could simply use a cart with a built-in membership site system and then create a membership site for each customer.

You can store the content on your server and then control it all with password protection.

Setting up a membership site is as easy as “click …browse …upload”.