OK, so someone on the Stores Board said that if my web host is not CISP complaint, I can lose my merchant account.
Can someone, in little words, explain this to me?
Zoom.
I read it but it's still over my head.
For a level 4 person, what would I be looking for in a web host so that I can do whatever it is I need to do to be compliant, once I figure that out.
For Level 4 you self-certify that you're in compliance...
I'd ask a host if they have/provide a firewall. I'd also make sure you can get your own SSL certificate instead of using the host's shared certificate. (
http://ev1servers.net/hosting/domains/index.asp has RapidSSL certificates for $14.95 and GeoTrust Quick SSL certificates for $49. You don't need to use ev1 for hosting to buy the certificates).
Nothing like learning something new to make one feel really really dumb.
Another question - do you need a private SSL for each domain for which you have a store set up?
[quote author=iron_chick link=topic=2202.msg7746#msg7746 date=1137362990]
Nothing like learning something new to make one feel really really dumb.
Another question - do you need a private SSL for each domain for which you have a store set up?
[/quote]
Yep, you'd need a SSL certificate for each domain, and each domain would need its own IP address. Also, SSL certificates will only work on the domain you buy it for and they won't work on subdomains of that same domain unless you buy a wildcard SSL certificate (which are usually $200+ depending who you buy it from)
examples:
1)An SSL certificate for
www.domain.com will not work on domain.com or subdomain.domain.com. unless you get a wildcard SSL certificate
2) A store on
www.domain.com and store on
www.domain2.com would each need their own SSL certificates (the cheap $15 each type of SSL)
That's what I thought. At least that part is starting to make sense.
One of my questions a few days ago was what benefit does a private SSL have over a shared one. This would be one - and from a buyer point of view, not having the buyer get the message that the domain and SSL don't match up would be a biggie in building/establishing buyer confidence, I imagine.
Quote:This would be one - and from a buyer point of view, not having the buyer get the message that the domain and SSL don't match up would be a biggie in building/establishing buyer confidence,
That's the main benefit, and its the main benefit of getting your own SSL certificate rather than using a shared one that has your hosting company's name on it.
That actually makes sense to me.
I've dropped carts when that warning sign came up. That and not knowing shipping costs before coughing up credit card info are the two biggest reasons I'll hit the back button and go elsewhere. The SSL warning sign wouldn't discourage me with a seller I knew and trusted but with an unknown, it would. And has.
I didn't realize you could get an SSL so inexpensively these days.
(One good thing I can say about eBay is that it at least gets you used to handing over money. ))