Quote:
Originally Posted by cflsystems
carpeperdiem thinks X-Payments will be hosted on QT servers and we all have to connect our carts to QT servers for payment. Is this really the case? If yes what is the difference then for having cart connected to the payment gateway we are using right now and QT X-Payments? If that's the case I better use my payment gateway off site. Or X-payments will be just a separate application on my server? Also when you say it will require SSL do you mean separate SSL for X-Payments only?
|
X-Payments will be just a separate application on your server.
You need an SSL for the domain where X-Payments is installed. If it is "https://checkout.store.com", you need an SSL for "checkout.store.com". Or you need a wildcard SSL for "*.store.com".
Quote:
Originally Posted by BritSteve
I find this very confusing. We have a separate firewall, a web server and a database server. The Web server is scanned daily and is PCI compliant. I send the SAQ every quarter.
We use Usaepay as a gateway, and do not store card numbers or CVV data.
Do we need a separate payment server to remain PCI compliant?
Steve
|
I'm not an expert on PCI compliance and can't consult you on this matter. However, I guess it depends on whether customers enter credit card numbers on your website, or on the USAePay website. If your server and web applications never touch the credit card data (i.e. it is collected on the USAePay website and is never transmitted to your server), I believe you don't need X-Payments at all.