X-Cart: shopping cart software

X-Cart forums (https://forum.x-cart.com/index.php)
-   Third Party Add-Ons for X-Cart 4 (https://forum.x-cart.com/forumdisplay.php?f=45)
-   -   Authorize.net DPM (PA/DSS Compliant) (https://forum.x-cart.com/showthread.php?t=57792)

BCSE 03-24-2011 10:18 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
The issue though is that one piece of software can't make you PA-DSS compliant. The DPM module is just one tool to help you move toward that. Authorize.net also doesn't state that I can see that their SIM integration is also PA-DSS compliant either, yet the whole transaction is taken on their site. The main reason being they can't guarantee anything else about your business process.

This would be the same as X-payments, even if it's does get approved as an application that's PA-DSS complaint, it doesn't make you PCI compliant without reviewing all of your other business processes around credit card transactions and security of your server.

Customers should always rely on their PCI compliance Auditors as to whether they are PCI compliant and whether the applications they are using are PCI compliant. This is one of the reasons we state it helps 'support you to be PCI Compliant including the new PA/DSS standard' It only supports you, it won't certify you.

I hope that clears it up.

Thanks,

Carrie

ediruzza 03-24-2011 11:30 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Price aside, what is the major difference between using x-payments and authorize.net DPM?

gb2world 03-24-2011 11:41 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
- The installation of DPM is vastly easier.
- The process for managing is no different for the shop owner than AIM. X-Payments management process is much more complex (Pin Codes, setting up crons, etc.)
- SAQ-A vs. more difficult paper work required by the bank
- One Page checkout is possible with DPM, not with possible with X-Payments
- X-Payments is even more complex installation for pre 4.3 X-Cart

Shamun 03-25-2011 12:16 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
I thought X-payments cannot be installed on 4.3 and earlier now?

ambal 03-25-2011 12:24 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
X-Payments can work with 4.3 out of the box
and it requires code tweaking for older versions.

ediruzza 03-25-2011 07:51 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Quote:

Originally Posted by gb2world
- The installation of DPM is vastly easier.
- The process for managing is no different for the shop owner than AIM. X-Payments management process is much more complex (Pin Codes, setting up crons, etc.)
- SAQ-A vs. more difficult paper work required by the bank
- One Page checkout is possible with DPM, not with possible with X-Payments
- X-Payments is even more complex installation for pre 4.3 X-Cart



Excellent...thank you.

xsurf 03-27-2011 06:55 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Hello Carrie, can such a module be developed also for Sagepay?

BCSE 03-28-2011 10:02 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Quote:

Originally Posted by xsurf
Hello Carrie, can such a module be developed also for Sagepay?



I looked through their site and I don't know if I'm missing it or what but I couldn't tell for sure. What I'd do is give them the Authorize.net link we provide on our site and see if they have some sort of direct posting method like that, that keeps you on your site still. If so, drop us an email to 'support' and we can evaluate doing it for you.

Thanks,

Carrie

Readerm 04-05-2011 05:00 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Honestly, I'm a bit lost. Would you, gentlmen, clarify for the poor one what else do we need to qualify for the bank requirements in addition to installing, say, DPM and completing SAQA?

Aqua 04-05-2011 06:51 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Rdr. Michael ,

Quote:

Originally Posted by Readerm
...what else do we need to qualify for the bank requirements...


I'm not sure anyone on this forum is in a position to address the qualifications for any particular bank or card provider. If you have installed DPM and successfully completed SAQA, perhaps consulting with your bank would be a good idea if you are still concerned about compliance with them.

As for our business, after installing the BCSE Authorize.net DPM mod on all our sites, we created and distributed protocol to all staff members for destroying all cc information via phone, fax, land-and-e-mail. It's our policy not to store cc information in our building and we tell our repeat customers that it's for their protection. Only one customer complained but 99% have appreciated that we do not store their cc data.

We successfully competed SAQA and will keep the audit on file both on site and remotely (cloud server). With recent news like this http://reut.rs/dF6cSt the public will appreciate all you do to make their sensitive information as private as possible.


All times are GMT -8. The time now is 01:28 AM.

Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.