Our most recent annual PCI-DSS validation was completed by Trustwave on March 11, 2014. You can download the CoreCommerce AOC.
Becoming PCI-DSS compliant is both time-consuming and very expensive. It requires a third-party auditor certified by Visa/MasterCard to review your physical security and to perform penetration testing on the software itself, to ensure hackers can’t exploit vulnerabilities to gain access to sensitive credit card information. Depending on the type of problems the auditor finds, it can take 3-9 months to pass the rigorous guidelines set forth by the PCI Security Standards Council.
High-profile cases involving big corporations have hit the headlines in the last couple of years. The Payment Card Industry has threatened some larger merchants with huge fines of up to $25,000 per month until compliance is obtained. In the high-profile case of TJX (owner of the T.J. Maxx, Marshalls, Home Goods and A.J. Wright retail chains), the company reported spending $202 million because of the PCI violation that compromised the cardholder account information of as many as 40 million customers. The money is being spent to handle more than 20 lawsuits brought against it by banks and consumers in the U.S. and Canada and to pay settlements with credit-card associations. Currently only a few select shopping cart providers are PCI-DSS compliant.
CoreCommerce is PCI compliant; you can download the paperwork you need to submit to your credit card processor here.