There are a few questions you should ask your shopping cart vendor about PCI compliance. PCI compliance is a hot topic today and has been for several years now. Most shopping carts must be PA-DSS certified. Unless your cart is not storing or passing payment information, then it needs to be in compliance. The mandated deadline for banks to ensure all vendors, merchants and agents are in compliance is July 2010. Merchant merchants with a shopping cart will also need to use an Internet gateway service with built-in . That should also be PCI compliant. How do you know if your cart is in compliance? Ask the vendor for this information. What should you do it your cart is not PCI compliant? Ask them if they have applied for certification and are waiting. If nothing has been submitted or done about it, I would consider using another cart that is. Merchants are responsible for everything they do and use, including vendor’s products & services.