Knowledgebase: PA-DSS
Understanding the PA-DSS checklist inside your Miva Merchant administration interface
Posted by Jim McCormick on 07 March 2011 12:09 PM

1. Miva Empresa Version v5.17 or Newer

If you need to upgrade Miva Merchant Empresa you will need to contact your Miva Merchant hosting provider. You can download the latest release of Miva Merchant Empresa here. If you have no experience installing or configuring Miva Merchant Empresa please contact your host or Miva Merchant support. Miva Merchant support also offers an Empresa upgrade service for $249.00. Miva Merchant Empresa Upgrade Service.

2. Miva Empresa Debug Logging Disabled

Miva Merchant Empresa has a logging feature to aid in troubleshooting. When logging is active, this test will fail. You will need to contact your hosting provider or Miva Merchant support for guidance in deactivating logging for Miva Merchant Empresa.

3. Primary Database Using MySQL

If you're using MivaSQL you will need to have your database converted. Our conversion tool is located here. If you do not have access to a MySQL control panel and/or database, please contact your Miva Merchant host to get access to create a database or have them create one for you. You will need the database name and the username/password used to access the database. This user must have ALL privileges granted to it. Miva Merchant support offers a migration service for this for $149. To purchase the migration click here.

4. Primary Database not Located on Web Server

This test will not pass if you're using MivaSQL. The MySQL database must reside on a server that is separate from the web server. You will need to contact your Miva Merchant hosting provider about setting up a MySQL database on a separate server.

5. Primary Database Password Encrypted

If your database password is not encrypted you will need to step through the Encryption Key Migration Wizard and choose to Leave Private Keys in their Current Location. This will not move anything but it will encrypt the password. Encryption Key Migration Wizard

6. Primary Database Activity Logging Disabled

If logging is enabled please contact your Miva Merchant hosting provider or Miva Merchant support to get it deactivated.

7. Private Keys Stored in Secondary Database

Your private keys are the keys for your order encryption. To be compliant your private keys must be stored in a database that is separate from your main database. It also must be located on a server that is separate from the server that your primary database is on (see #7). Step through the Encryption Key Migration Wizard to move it to a second MySQL database or use MivaSQL. If you pass #3 you can use MivaSQL for this database which will store the private keys in your configured mivadata folder located on the web server. Encryption Key Migration Wizard

8. Private Key Database on Different Server Than Primary Database

Step through the Encryption Key Migration Wizard to move it to a second MySQL database or use MivaSQL. If you pass #3 you can use MivaSQL for this database which will store the private keys in your configured mivadata folder located on the web server.

9. Private Key Database Password Encrypted

If you're using MySQL for your private key database your database password must be encrypted. If you're failing this test please step through the Encryption Key Migration Wizard and choose to Leave Private Keys in their Current Location. This will encrypt the password.

10. Private Key Database Activity Logging Disabled

If logging is enabled please contact your Miva Merchant hosting provider or Miva Merchant support to get it deactivated.

11. All User Passwords Strongly Encrypted

This test concerns your Miva Merchant administration user accounts. If your passwords have been created since the update to Production Release 8, this test will pass. If it fails, you must have all administration users change their password.

12. Force Password Change After 90 Days or Less

You configure this by clicking on the Password Settings tab within Domain Settings.

13. Password Minimum Length 7 Characters or Greater

Configured in Password Settings

14. Passwords Require at Least one Letter and one Number or Punctuation Character

Configured in Password Settings

15. Users May Not Reuse Their Last 4 or More Passwords

Configured in Password Settings

16. Administrative Sessions Expire After 15 Minutes or Less of Inactivity

Configured in the Timeouts tab within Domain Settings.

17. Administrative Users Locked out After 6 or Fewer Invalid Login Attempts

Configured in the Timeouts tab within Domain Settings.

18. Administrative Users Invalid Login Lockout Interval 30 Minutes or Greater

Configured in the Timeouts tab within Domain Settings.
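The thresholds in items 12 through 18 point in different directions ("or less" for some, "or greater" for others), which is easy to get wrong when reviewing settings by hand. The following is an added example, not Miva Merchant code: the setting names are hypothetical, and it assumes that a value of 0 on an "or less" setting means the control is switched off, so it is reported as a failure rather than a pass.

```python
# Thresholds from checklist items 12-18. Setting names are hypothetical;
# they are not Miva Merchant configuration keys.
# Each rule: (checklist item, setting name, direction, limit)
RULES = [
    (12, "password_max_age_days", "max", 90),
    (13, "password_min_length", "min", 7),
    (15, "password_history_count", "min", 4),
    (16, "admin_session_timeout_minutes", "max", 15),
    (17, "lockout_after_failed_logins", "max", 6),
    (18, "lockout_interval_minutes", "min", 30),
]

def audit_settings(settings, zero_means_disabled=True):
    """Return the sorted checklist item numbers that fail."""
    failed = []
    for item, key, direction, limit in RULES:
        value = settings.get(key)
        if isinstance(value, bool) or not isinstance(value, int) or value < 0:
            failed.append(item)  # missing or malformed: fail closed
        elif direction == "max":
            # "N or less": 0 is assumed to mean "never", so it must not pass
            if value > limit or (value == 0 and zero_means_disabled):
                failed.append(item)
        elif value < limit:  # "N or greater"
            failed.append(item)
    if settings.get("require_letter_and_number_or_punct") is not True:
        failed.append(14)
    return sorted(failed)

def password_meets_items_13_14(password, min_length=7):
    """Check one candidate password against items 13 and 14."""
    has_letter = any(c.isalpha() for c in password)
    has_other = any(c.isdigit() or not (c.isalnum() or c.isspace())
                    for c in password)
    return len(password) >= min_length and has_letter and has_other

# Constructed sample settings, not taken from a real store.
COMPLIANT = {
    "password_max_age_days": 90, "password_min_length": 7,
    "password_history_count": 4, "admin_session_timeout_minutes": 15,
    "lockout_after_failed_logins": 6, "lockout_interval_minutes": 30,
    "require_letter_and_number_or_punct": True,
}
WEAK = dict(COMPLIANT, password_max_age_days=0, password_min_length=6,
            lockout_after_failed_logins=10)

if __name__ == "__main__":
    print("failing items:", audit_settings(WEAK))
```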

19. Production Upgrade Stream

Configured in the Upgrade Settings tab within Domain Settings. Choose the Production Stream from the drop-down list if you're failing this test.

20. Order Encryption Enabled For all Stores

Order Encryption must be enabled for all of your stores. Click on Order Encryption within your admin interface to configure.

21. Current Order Encryption Key Less Than 1 Year Old For all Stores

If your pass phrase is older than 1 year you will need to change it. Please be aware that any order under the old pass phrase will require you to enter the old pass phrase to access any payment data.

22. Current Order Encryption Key Created Post-Upgrade For all Stores

If your passphrase is not older than one year but was created before upgrading to Production Release 7, you will need to create a new one. Please be aware that any order under the old pass phrase will require you to enter the old pass phrase to access any payment data.


More PCI/PA-DSS information including our PA-DSS Implementation Guide.
PA-DSS Implementation Guide
