X-Cart: shopping cart software

X-Cart forums (https://forum.x-cart.com/index.php)
-   News and Announcements (https://forum.x-cart.com/forumdisplay.php?f=28)
-   -   X-Cart and PCI DSS / PA-DSS compliance (https://forum.x-cart.com/showthread.php?t=46073)

ManFromDet 04-28-2010 09:57 AM

Re: X-Cart and PCI-DSS / PA-DSS compliance
 
Add Network Merchants Inc. to the list: https://www.nmi.com/

I just confirmed that they simulate Authorize.net SIM; I'm using them for Authorize.net AIM gateway emulation. They offer a hosted page that can be altered to match your website / shopping cart.

icnjan 04-29-2010 09:31 AM

Re: X-Cart and PCI-DSS / PA-DSS compliance
 
Quote:

Originally Posted by BCSE
We have been researching many and find these to be popular and also well configurable:

-Authorize.net SIM
-Payflow Link
-CyberSource (Hosted)

Carrie


Thanks Carrie! I am working with the Authorize.net SIM now as a backup plan - their 255-character header and footer HTML text limit is frustrating - I guess I need to look further into "including a style sheet in the transaction request"!

Quote:

Originally Posted by lbs_09
For Canadians I recommend:

Elavon / Virtual Merchant
Moneris / sSelectPlus



I use Virtual Merchant now to keep the charges within the store framework, but this is not a "hosted payment gateway" solution, which will need to be implemented by the end of June if X-Payments is not available.

Thanks! Janice

bkluth 05-12-2010 02:02 PM

Re: X-Cart and PCI-DSS / PA-DSS compliance
 
Wow, a lot of information to absorb here. I've now read this whole thread (and a few others) 2 or 3 times over. Thanks to everyone for trying to clear things up for others.

I have a few questions. Thanks in advance for any answers!

I have multiple X-Cart versions running, from 4.0.13 to 4.2.0.
I am planning the following tasks:

1 - upgrade servers to PHP v5.3
2 - patch the X-Carts to run on PHP v5.3 (do patches exist for this?) (is this something QT can do for me?)
3 - have X-Payments installed on each (I think $75/ea was posted by QT)
4 - advise and assist all X-Cart users to switch to some payment gateway (preferably not offsite)

I assume that this will make all the sites compliant, insofar as Xcart is concerned. Right?

If all this is done, will the sites still be required to have PCI compliance scanning performed quarterly? Or would that go away due to the sites no longer processing/transmitting/storing CC data?

Am I missing anything here?

a1deano 05-15-2010 07:15 AM

Re: X-Cart and PCI-DSS / PA-DSS compliance
 
May I ask, as I am not that clued up on this stuff: I am thinking of moving host to UK Secure Web Hosting; their Ecommerce SSL Hosting package is PCI DSS compliant. Does this mean that if I move over to them I will be covered for accepting credit cards etc. on my store?

At present I use PayPal Standard, which isn't a very good idea as customers leave my store to pay, but I am thinking of upgrading my store so customers stay on my site to pay. So does this mean I'd be covered if I change hosting to UK Secure Web Hosting?

Thanks for any advice.

a1deano 05-19-2010 07:44 AM

Re: X-Cart and PCI-DSS / PA-DSS compliance
 
Well, I've contacted "UK Secure Web Hosting" twice now and they haven't replied. I know they are receiving my messages because they replied back when I sent them an SMTP update for O2. Hmmmmmmm.
Looks like they don't want the business!!

photo 05-19-2010 09:00 AM

Re: X-Cart and PCI-DSS / PA-DSS compliance
 
Quote:

Originally Posted by a1deano
Well, I've contacted "UK Secure Web Hosting" twice now and they haven't replied. I know they are receiving my messages because they replied back when I sent them an SMTP update for O2. Hmmmmmmm.
Looks like they don't want the business!!


Have you talked with Emerson over at EWD Hosting?

a1deano 05-19-2010 09:30 AM

Re: X-Cart and PCI-DSS / PA-DSS compliance
 
I did look at their hosting package; unfortunately, as I am in the UK, their price is $45 for UK hosting and that's over double what I am paying now. Thanks for the info though :)

cautious 05-22-2010 03:24 PM

Re: X-Cart and PCI-DSS / PA-DSS compliance
 
Quote:

Originally Posted by a1deano
May I ask, as I am not that clued up on this stuff: I am thinking of moving host to UK Secure Web Hosting; their Ecommerce SSL Hosting package is PCI DSS compliant. Does this mean that if I move over to them I will be covered for accepting credit cards etc. on my store?

At present I use PayPal Standard, which isn't a very good idea as customers leave my store to pay, but I am thinking of upgrading my store so customers stay on my site to pay. So does this mean I'd be covered if I change hosting to UK Secure Web Hosting?

Thanks for any advice.


Just to clarify: are you worried that customers leaving your site to pay at PayPal will make you less PCI compliant? Put another way, are you thinking that if customers stay on your site to pay, this would enhance your PCI compliance?

I hope the answers to both are not yes, yes.

We often forget that in reality, the only time a customer "stays" on one's site to pay is when they use the store's gift certificates, money order, or check. With all other methods, they "leave" the store to pay. The issue is whether it is shown to the customer that they are leaving, and whether we collect the info and help transfer it instead of them actually entering the info at the external site. So even if you use authorize.net, the customer's data has to leave your site for authorize.net in order for the payment to occur. The only quick difference here with PayPal Standard is that you help transfer the customer's info to authorize.net "silently", whereas the customer is involved in the transfer for PayPal.

In fact, one could argue that the PayPal system, like Google Checkout, is more secure for both the merchant and the customer overall. Because the customer has to log in to her PayPal account to approve (pay) or not approve the payment, the PayPal system gives a layer of security similar to Verified by Visa. Even better, if integrated normally by the merchant, PayPal Standard, PayPal Express and Google Checkout all have the advantage that the actual account # (e.g. credit/debit card number plus CVV, or bank account # in the case of PayPal) is never seen nor saved by the merchant.

The net effect of this is that the customer's sensitive payment data is saved in only one place (maybe two places if she uses both PayPal and Google Checkout) rather than in every merchant database where she shops, including at authorize.net and all the other gateways. As we advise security-conscious customers, this is one of the situations where it is a good thing to put one's eggs in a single basket (or two at most), instead of having sensitive data all over the place at each merchant; it is the way to avoid multiple points of failure leading to more frequent data compromise.
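
The point made in the post above, and the Authorize.net SIM/AIM distinction mentioned earlier in the thread, can be seen on the wire. The following is an added example written for this page; it is not code from the thread, from X-Cart, or from Authorize.net. The credentials, sequence number, timestamp, transaction ID and relay response are constructed sample values, and the field names and hash constructions follow Authorize.net's SIM and AIM guides of that era as the editor recalls them: the SIM request fingerprint `x_fp_hash` is HMAC-MD5 keyed with the Transaction Key over `login^sequence^timestamp^amount^`, and the relay-response `x_MD5_Hash` is MD5 of the merchant's configured "MD5 Hash" value followed by the API login, `x_trans_id` and `x_amount`. With SIM the store signs only the order parameters and the shopper types the card number on the gateway's page; with AIM the store's own server sends the PAN, expiry and CVV, which is what puts it in scope for that data.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample credentials for illustration only; not real Authorize.net values.
API_LOGIN_ID = "demo_api_login"
TRANSACTION_KEY = "demo_transaction_key_0123456789"
MD5_HASH_VALUE = "demo_md5_hash_secret"  # the "MD5 Hash" value set in the merchant interface


def sim_fingerprint(login, txn_key, sequence, timestamp, amount, currency=""):
    """x_fp_hash for a SIM request: HMAC-MD5, keyed with the Transaction Key, over
    'login^sequence^timestamp^amount^currency'. No card data is part of this message."""
    msg = "^".join([login, str(sequence), str(timestamp), amount, currency])
    return hmac.new(txn_key.encode(), msg.encode(), hashlib.md5).hexdigest()


def sim_form_fields(login, txn_key, amount, sequence=None, timestamp=None):
    """Hidden fields the store puts in the form that sends the shopper to the hosted page.
    The shopper enters the card number on the gateway's page, so the store never handles it."""
    sequence = secrets.randbelow(10**9) if sequence is None else sequence
    timestamp = int(time.time()) if timestamp is None else timestamp
    return {
        "x_login": login,
        "x_fp_sequence": str(sequence),
        "x_fp_timestamp": str(timestamp),
        "x_amount": amount,
        "x_fp_hash": sim_fingerprint(login, txn_key, sequence, timestamp, amount),
        "x_show_form": "PAYMENT_FORM",
        "x_relay_response": "TRUE",
    }


def aim_request_fields(login, txn_key, amount, card_number, exp_date, card_code):
    """For contrast: an AIM (server-to-server) request carries the cardholder data itself,
    which is why a store using AIM is in PCI DSS scope for that data."""
    return {
        "x_login": login,
        "x_tran_key": txn_key,
        "x_amount": amount,
        "x_card_num": card_number,
        "x_exp_date": exp_date,
        "x_card_code": card_code,
    }


CARDHOLDER_FIELDS = ("x_card_num", "x_exp_date", "x_card_code")


def carries_cardholder_data(fields):
    """True if the request the store builds contains the PAN, expiry or CVV."""
    return any(name in fields for name in CARDHOLDER_FIELDS)


def relay_response_verified(md5_hash_value, login, response):
    """Check x_MD5_Hash on the relay response before marking the order paid:
    MD5(md5_hash_value + login + x_trans_id + x_amount), compared case-insensitively.
    Without this check, anyone who can POST to the relay URL can fake a successful payment."""
    expected = hashlib.md5(
        (md5_hash_value + login + response["x_trans_id"] + response["x_amount"]).encode()
    ).hexdigest()
    received = response.get("x_MD5_Hash", "")
    return hmac.compare_digest(expected.lower(), received.lower())


def demo():
    """Build both request styles and verify a genuine and a tampered relay response."""
    sim = sim_form_fields(API_LOGIN_ID, TRANSACTION_KEY, "49.95",
                          sequence=123456, timestamp=1272470220)
    # 4111111111111111 is the well-known test PAN; constructed input, not a real card.
    aim = aim_request_fields(API_LOGIN_ID, TRANSACTION_KEY, "49.95",
                             "4111111111111111", "1212", "123")
    # Constructed relay response as the gateway would POST it back to the store.
    genuine = {
        "x_response_code": "1",
        "x_trans_id": "2147483647",
        "x_amount": "49.95",
        "x_MD5_Hash": hashlib.md5(
            (MD5_HASH_VALUE + API_LOGIN_ID + "2147483647" + "49.95").encode()
        ).hexdigest().upper(),
    }
    tampered = dict(genuine, x_amount="0.01")  # attacker changes the amount, hash no longer matches
    return {
        "sim_carries_card_data": carries_cardholder_data(sim),
        "aim_carries_card_data": carries_cardholder_data(aim),
        "genuine_verified": relay_response_verified(MD5_HASH_VALUE, API_LOGIN_ID, genuine),
        "tampered_verified": relay_response_verified(MD5_HASH_VALUE, API_LOGIN_ID, tampered),
    }


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would want: the relay-response check is the part stores most often skip, and skipping it means the "order paid" decision rests on an unauthenticated POST; and the MD5-based hashes here are what the 2010-era SIM integration used, Authorize.net has since replaced the MD5 hash with a SHA-512 signature key and deprecated SIM itself, so treat this as a demonstration of the scope argument, not a current integration recipe.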

a1deano 05-23-2010 12:58 AM

Re: X-Cart and PCI-DSS / PA-DSS compliance
 
I need to be PCI compliant as I am moving over to Barclays ePDQ, and with this new compliance thing in June I must sort out the 2 errors that the McAfee PCI scan picked up on.

I use PayPal Standard at present, but as most people state on the forum it's not very professional having customers leave your site to pay. By moving over to Barclays I get a better rate than with PayPal Pro, but even if I chose this method I'd still need to be PCI compliant.
I've just installed a new SSL certificate, in my eyes a better one, clickable so customers can check. I am trying to do everything to be secure; even if I didn't need to be compliant, it's always good to find any vulnerabilities and get them addressed, for peace of mind for you and your customers...

cflsystems 05-23-2010 06:25 AM

Re: X-Cart and PCI-DSS / PA-DSS compliance
 
Actually, when paying with PayPal I would expect to be taken to the PayPal site for payment; I am used to it, so I don't think this is unprofessional. Paying with a CC, I would think twice if the URL changes and I am taken to some other place I am unfamiliar with.

