The more I study the issue of PCI compliance, the more complex it appears to be.
Just when I think I have found the easiest way to achieve compliance (exemption, for example), I realize that other processes we perform would not allow the exemption.
As others have pointed out, this is going to be a major issue for X-Cart merchants with older versions, and for all merchants in the near future. (I am under the impression that it may not be practical to bring an earlier version (V3.x for example) into compliance, in which case it should be posted, or at least provide a road map of the steps necessary to achieve compliance).
It seems that it would be of benefit for X-Cart to discuss/provide/suggest modifications/implementations that would allow users of all versions of X-Cart a road-map for achieving compliance, not just providing a payment module with instructions, but also outlining the other issues that need to be addressed in order for a merchant to become compliant. I realize that some of this might turn away potential new customers for X-Cart and custom developers, but ultimately, the shopping cart developer that provides the easiest solution for merchants to achieve total PCI compliance will gain market share.
This is such an urgent/important issue that perhaps a new thread should be opened to discuss/provide/suggest modifications/implementations necessary to achieve compliance.
Step #1
https://www.pcisecuritystandards.org/pdfs/pci_dss_saq_instr_guide.pdf