As a web developer, this has me very concerned. A couple of years back we made a cart for a board game company using Joomla and Virtuemart. My client's bank is now stating that the cart system is non-compliant because the credit cards are entered on the site. Even though we're using SSL, a private IP address and the money exchange is done on Authorize.net; they claim this is not good enough. Has anyone has a similar complaint about a cart they put together for a client? Her bank has threatened to shut it down if it doesn't pass the next Trustwave PCI assessment. This cart setup is used on MANY sites.
Thanks in advance!