X-Cart: shopping cart software

X-Cart forums (https://forum.x-cart.com/index.php)
-   X-Payments issues & questions (https://forum.x-cart.com/forumdisplay.php?f=50)
-   -   xpayments on separate server (https://forum.x-cart.com/showthread.php?t=63462)

a1deano 04-29-2012 03:26 AM

xpayments on separate server
 
Hi all, I've been in talks with Handson hosting, who have really been a massive help; they brought to my attention -

Can X-Payments be installed on a shared hosting?

Yes, provided that a separate account is used for hosting X-Payments. No other software must be installed and run under this account.

Whilst I understand this, I am running a test using v4.5.0 with xpayments installed in root along with xcart, and all is running smoothly. I have done a PCI scan this morning and all passed.
So surely this would satisfy my merchant bank that my site has a PCI certificate...

Otherwise this means having a second package just to run xpayments on, and all this adds up and is hard for a small site like us to pay out on....

Would I be breaking any laws, even though my scan says I am compliant?
If I have to purchase a second server then I have to. I know I can use the form method and then don't have to be PCI compliant, but I wish to take the next step up and keep people on my site when paying... any advice on this please... thanks

totaltec 04-29-2012 03:53 AM

Re: xpayments on separate server
 
If you read the specifications for PCI compliance and interpret them literally, it does appear that you need a separate server.
Quote:

2.2.1 Implement only one primary function per server to prevent functions that require different security levels from co-existing on the same server.
(For example, web servers, database servers, and DNS should be implemented on separate servers.)
Note: Where virtualization technologies are in use, implement only one primary function per virtual system component.

Though for some reason, several members of this forum disagree with this standpoint.

a1deano 04-29-2012 04:03 AM

Re: xpayments on separate server
 
Thanks for that. So if it's written in the PCI specifications, then even though my scan will be compliant, from a legal standpoint I won't be fully compliant, and if anything were to go wrong then I could be leaving myself open to a massive fine, $10,000 if I am correct..... not worth the risk if you see it from that point then.. Thank you for this info.

cflsystems 04-29-2012 07:17 AM

Re: xpayments on separate server
 
Quote:

2.2.1 Implement only one primary function per server to prevent functions that require different security levels from co-existing on the same server.
(For example, web servers, database servers, and DNS should be implemented on separate servers.)
Note: Where virtualization technologies are in use, implement only one primary function per virtual system component.


If you literally follow this then XC (and any other shopping system that uses a db) cannot be compliant unless you have one server to run the web site and another server to run MySQL. XC requires a webserver and a database server installed :) Sites on VPS will have to use 2 VPS systems as well.

On top of that if you want to host your own email server you have to get another machine...

Anyone using 2 machines with their XC store? I don't think so. I think this is another one of these parts of the PCI specs where it all depends on your bank, how much they like you, or if the bank officer woke up in a good mood this morning.... :)

a1deano 04-29-2012 07:46 AM

Re: xpayments on separate server
 
This subject is such a minefield really. As long as your scan says you are compliant, I can't see the harm if both xcart and xpayments are in root.

Wonder what your merchant bank would say once you've handed them your PCI compliant certificate. Don't think they would even care if xpayments was in its own server or not; you have a certificate saying you're compliant.... which means you meet all the requirements. It's fine if you have the spare cash to run two servers, both with dedicated IPs and two SSL certificates.
But for us small guys every bit of money counts....
I am so 50/50 on what to do, but I have till v4.5.0 goes stable to decide.. lol

ambal 04-29-2012 11:23 PM

Re: xpayments on separate server
 
> But for us small guys every bit of money counts....

I think small guys should go with a payment gateway hosted credit form option and not increase their level of PCI-DSS compliance.

a1deano 04-30-2012 03:06 AM

Re: xpayments on separate server
 
Yes, to a degree I understand this, but the next move forward would be to keep your customers on your site. I am sure I read somewhere on this forum that not everyone likes being redirected to a payment gateway then back again to your site, hence it could result in a lost sale! OK, most people might not care about being redirected, but if you can keep the sale simple, all in one easy move on your site, then surely this has to be better...?


All times are GMT -8.