I’m scalp deep in studies about PCI compliance as I try to figure out how best to operate an upstart eCommerce site. I hope the involuntary twitching will stop some day.
I’m using Joomla 1.5 and a RocketTheme template to design my site. The basic premise is that anyone can sign up for an account on my site, they can upload a file for me to work on and then if I am successful in the work they want from me, they will pay me and I will release a URL to them for them to download the completed file from. I could be dealing with as many as a few dozen files per day in six month’s time.
It seems that being on a shared host makes a website totally incapable of being PCI compliant. So that pretty much rules out using a Joomla shopping cart plug-in and some payment gateway (I was looking at PayJunction as my gateway). That’s at least what I can gather so far. First question: Is that an accurate judgment based on my studies? Does a shared host always equal non-PCI-compliant?
So now I think that my best option is to stick to email invoices (I’ll email an invoice to the customer at the email address that they signed up with in Joomla) so that the website is totally taken out of the picture. I want to be able to accept major credit cards. Accepting PayPal would be awesome too. Of course, the download needs to be made immediately available and I’d also like to have a conversion page on my site. Second question: Does that seem like a sane idea given the information about my site that I’ve shared?
Third question: What payment gateway / shopping cart / whatever do folks who have experience with selling downloads recommend? I’d prefer to use my own server to keep the files on, since I’ll potentially be dealing with quite a few files per day and managing uploads to a third-party shopping cart service would add one more annoying thing to my day.
If you’ve read this far, I and my nervous tic salute you.
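The post describes releasing a download URL to a customer only after payment has been confirmed, with the files kept on the poster's own server. Whatever gateway is chosen, the part that stays on that server is the link itself, and the usual way to keep it from being guessed, reused by someone else, or kept alive forever is to sign it with a server-side HMAC and give it an expiry. The example below is an added illustration of that pattern and is not code from the original post or from Joomla; it is written in Python rather than PHP so it runs stand-alone, and the secret key, the order record layout (`status == "paid"`), the `/download` path and the query parameter names are all constructed assumptions.

```python
import hashlib
import hmac
import time
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical server-side secret (constructed for this example). In a real
# deployment it comes from configuration outside the web root, never from code.
SECRET_KEY = b"constructed-example-secret-change-me"


def _message(file_id: str, customer_id: str, expires: int) -> bytes:
    """Canonical byte string that the HMAC covers. Binding the customer id
    means a link issued to one account cannot be handed to another and
    still validate against that account's session."""
    return f"{file_id}|{customer_id}|{expires}".encode()


def sign_download(file_id: str, customer_id: str, ttl_seconds: int,
                  now: Optional[int] = None) -> str:
    """Return a relative download URL whose query string carries an expiry and
    an HMAC-SHA256 tag over (file_id, customer_id, expiry). Only the server
    holds SECRET_KEY, so the customer cannot forge a link for another file
    or push the expiry out."""
    now = int(time.time()) if now is None else now
    expires = now + ttl_seconds
    tag = hmac.new(SECRET_KEY, _message(file_id, customer_id, expires),
                   hashlib.sha256).hexdigest()
    query = urlencode({"file": file_id, "cust": customer_id,
                       "exp": expires, "sig": tag})
    return f"/download?{query}"


def verify_download(url: str, now: Optional[int] = None) -> Tuple[bool, str]:
    """Validate a URL produced by sign_download. Returns (ok, file_id) on
    success or (False, reason) on failure. The signature is checked before
    the expiry so a tampered 'exp' value is rejected as a bad signature."""
    now = int(time.time()) if now is None else now
    params = parse_qs(urlparse(url).query)
    try:
        file_id = params["file"][0]
        customer_id = params["cust"][0]
        expires = int(params["exp"][0])
        tag = params["sig"][0]
    except (KeyError, ValueError, IndexError):
        return False, "malformed"
    expected = hmac.new(SECRET_KEY, _message(file_id, customer_id, expires),
                        hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking the tag byte by byte.
    if not hmac.compare_digest(expected, tag):
        return False, "bad signature"
    if now > expires:
        return False, "expired"
    return True, file_id


def issue_link_after_payment(orders: dict, order_id: str, ttl_seconds: int = 3600,
                             now: Optional[int] = None) -> Optional[str]:
    """Only mint a link once the gateway (or the emailed invoice workflow) has
    marked the order paid. 'orders' is a constructed stand-in for whatever
    store the site keeps: {order_id: {"file": ..., "customer": ..., "status": ...}}."""
    order = orders.get(order_id)
    if order is None or order.get("status") != "paid":
        return None
    return sign_download(order["file"], order["customer"], ttl_seconds, now)


if __name__ == "__main__":
    # Constructed sample order data.
    orders = {
        "ord-1": {"file": "job-42", "customer": "cust-7", "status": "paid"},
        "ord-2": {"file": "job-43", "customer": "cust-8", "status": "pending"},
    }
    link = issue_link_after_payment(orders, "ord-1", now=1000)
    print("issued:", link)
    print("valid now:", verify_download(link, now=2000))
    print("after expiry:", verify_download(link, now=5000))
    print("unpaid order:", issue_link_after_payment(orders, "ord-2"))
```

The handler behind `/download` should call `verify_download` and then stream the file from a directory that is not web-accessible; the signed link is the only path to it, so a customer who guesses another job's filename gets nothing, and an old link in an email thread stops working once `exp` has passed.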