Quote:
Originally Posted by xplorer
Future X-Cart versions will feature one-step checkout provided it is not against PCI-DSS or PA-DSS.
You have multiple PA-DSS certified competitors with one-page checkout already. Google "PA-DSS one page checkout" and you'll find two of them on page 1.
Quote:
Originally Posted by xplorer
Yes, your server neither stores, nor processes, nor transmits CC data. However, X-Cart is a client-server software. And the payment page is a part of X-Cart. Unfortunately, PA-DSS doesn't give a clear answer on this question.
PA-DSS is derived from PCI-DSS. Same test as PCI-DSS. From the PA-DSS Requirements and security document under Scope of PA-DSS:
"The PA-DSS applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data"
You might want to read a good article on a trend of inflating PCI-DSS requirements, The QSA Conundrum. It's easy to expand what needs to be done by saying it's more secure. But ultimately, it's the PCI-DSS or PA-DSS standard we are required to meet - everything else is optional. When selling software, that option should be the customer's option, not something forced by the software vendor.