08-19-2009, 05:40 AM
JWait
 


Re: X-Cart and PCI-DSS / PA-DSS compliance

We have been looking into this and what it appears like to me is that all versions of X-Cart are not and cannot be PCI-DSS compliant. The reason for this is that in X-Cart you have the option to store credit card information, and this is a BIG no-no. Even if there is an "upgrade patch" it can be circumvented so that credit card information can still be stored.

For this reason, version 5 must not have the option to store credit card information and be developed in such a way that it never can store credit card information in order to be PCI-DSS compliant.

X-Cart absolutely needs to make a "database upgrade patch" that works 100% correctly 100% of the time to convert older carts to version 5. Most people can handle re-designing their site if need be, but retaining their data is of the utmost importance.

Am I wrong about this?
__________________
Two Separate X-Cart Stores
Version 4.4.4 Gold - X-AOM - Vivid Dreams Aquamarine (modified) - Linux
Mods - Newest Products - View All -, and a few others. Numerous upgrades from 4.0.x series.
Integrated with Stone Edge Order Manager + POS

Version 4.1.12 Gold (fresh install) - X-AOM - Linux
Mods - XCSEO free