Re: Do we need X-Payments?
 

That is the way to go yes. Of course you cannot make them do something or not - I meant be firm and make sure they do understand the consequences of not following the rules. This is not a game unfortunatelly and the banks will do anything to get their hands on someone elses money. And from what I hear bank fees will go up in 2013.... so maybe there will be revised PCI-DSS fees as well....

There are few good threads here in the forum about this as well as a webinar link - you may point that to them as a reading material

Re: Do we need X-Payments?
 

Yes I will tell him to research this - like I say it's only because "PayPal said" and of course why would anyone phone PayPal to get their website approved for PayPal Pro and then disbelieve them? Bizarre but seemingly, true!

Re: Do we need X-Payments?
 

Hi Everyone,

We will work with PayPal to make sure their account managers have right understanding of X-Cart product line vs PCI compliance requirements.

indizine, I advise to have that client sign some paper where he will confirm that he was informed about consequences of using old X-Cart versions with non-compliant integrations. At least you will have some protection if he is fined after all.

Recently an Australian merchant using old version of X-Cart was fined by his bank due to big leak of credit card details and forced to change payment method. I fear I can't disclose more details due to privacy policy.

Re: Do we need X-Payments?
 

I am using 4.1.10, with PayPal Pro Express Checkout and Authorize.net Aim and not saving CC information.

I am assuming I do not need X-Payments, correct?

Re: Do we need X-Payments?
 

Donster, since you use Authorize.net Aim you do need X-Payments.

Re: Do we need X-Payments?
 

You need either X-payments or many banks (all that I know of) accept one of these two options as well to get X-cart out of PCI compliance scope:
http://www.bcsengineering.com/store/authorize.net-dpm-module-for-x-cart-pa-dss-compliant.html

http://www.bcsengineering.com/store/authorize.net-cim-module.html

It is really up to your bank and their requirements but having 4.1.x and having the CC going through your system is not OK without some major overhaul and audit of your system (or one of the above 3 options).

Thanks,

Carrie

Re: Do we need X-Payments?
 

Hi,
I'm having trouble understanding how the x-payments product works. I understand that it will meet PCI-DSS compliance along with the scans, and to keep the CC information secure.

As the product itself is it a once install and done product or do I need to pay monthly or yearly fees for it?

I have an older version of x-cart, just because it is extremely heavily modded and I just couldn't keep up with updates, but will probably move up to 4.5 branch later this year or next.

I got an e-mail that the licenses in the account will expire soon, and am contemplating installing x-payments now if there will be a cost savings.

Can it be implemented in a 4.1.9 site?

Are there significant issues still with x-payments that I should be aware of before switching over?

If so what are the alternatives that can be done that will still preserve the onsite checkout appearance. I currently use PayPal Pro.

I apologize I've been avoiding this like the plague just because I didn't understand everything that is going on and how to properly integrate this into my site. Any advice, comments or knowledge would be appreciated. Thank you.

Re: Do we need X-Payments?
 

Basically, yes. But in order to be fully compliant you need to run X-Payments in a separate PCI-DSS compliant hosting space. You can't have it installed in the same space where you run your online shop and other web-site software.



See http://www.x-cart.com/xpayments-pricing.html

There are two types of X-Payments - X-Payments Hosted ("For Small Business" and "For Malls" plans) and X-Payments download license.

The 1st type of X-Payments is a subscription based product since it is a hosted version - we provide PCI compliant hosting along with X-Payments so you do not need to worry about that.

The 2nd one costs rather large one time fee for life time usage, but you get the software with all the source code files and can host wherever you want provided your hosting space for X-Payments meet the aforementioned requirement (to be separate and PCI compliant).


Well, you can keep using your old X-Cart version (4.1.x) and have it integrated with X-Payments. We provide connector module for your X-Cart version free of charge and you can download it in your File Area account and install. If you wish we can do the service of connecting your X-Cart with X-Payments for a fee. Contact us using http://www.x-cart.com/contact-us.html whenever you want.


This means you might have a free X-Payments license in your HelpDesk account since you received that email. Check "Licenses" section at https://secure.qtmsoft.com for a free X-Payments license. It will be annulled if you do not use your free X-Payments license before March 1st 2013.

Also, check this thread - http://forum.x-cart.com/showthread.php?t=65370 as there are some FAQs answered.


Yes, see above.



The major one was with iFrame integration but we are going to fix it by providing a new X-Cart version and new X-Payments version with improved iFrame integration.
All others are caused by improper installation of X-Payments or/and using incompatible hosting space.

Re: Do we need X-Payments?
 

Does anyone know of a decent compliant host to install x-payments on. I didn't realize the following that the hosting company said I needed to install x-payments.

x-payments will need to be setup on its OWN cpanel account using a subdomain, and it needs its OWN SSL certificate.

I was thinking if this was true, I was just going to host the x-payments subdomain on a hostmonster or comparable server. Getting another hosting account with my current vendor just seemed like overkill for this at this time. Any thoughts as to what a relatively inexpensive hosting setup would be including ssl, and dedicated IP to accomplish this? One of my goals is to install it for now to take advantage of the free license until i get it running for now. In the eventuality that I would go and integrate it would there be an issue to continue running it through there?

Another option was with GoDaddy they got a deal for premium hosting with a free ssl cert.
LINK

Re: Do we need X-Payments?
 

Check XC recommended hosts in the marketplace area. I woudl avoid GoDaddy for something like this - that hosting sounds like shared hosting.

Re: Do we need X-Payments?
 

Here is the link
http://marketplace.x-cart.com/hosting/

Please note that X-Payments Hosted plans combine X-Payments and PCI compliant hosting and this may ease your headache a lot.

Re: Do we need X-Payments?
 

Where can I find the x-payments server/hosting requirements not just hardware/software installed, but also for security etc?

Re: Do we need X-Payments?
 

Re: Do we need X-Payments?
 

Yes, you do need X-Payments if you are processing using PayPal Payments PRO. Despite of PayPal Payments PRO is PCI compliant your site and hosting environment are to be PCI compliant, too, since your site receives and transmits credit card holder data.

Re: Do we need X-Payments?
 

It's amazing that this long after this standard came out, so many merchants are still confused. The PCI council needs to invest in education.

Re: Do we need X-Payments?
 

That's the main goal of this ... As a bartender will say - "the depressed customer is the best customer" :)

Re: Do we need X-Payments?
 

Sometimes I start thinking people from the PCI industry we work with get confused, too.