Quote:
Originally Posted by geckoday
PA-DSS is derived from PCI-DSS. Same test as PCI-DSS. From the PA-DSS Requirements and security document under Scope of PA-DSS:
"The PA-DSS applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data"
You might want to read a good article on a trend of inflating PCI-DSS requirements, The QSA Conundrum. It's easy to expand what needs to be done saying it's more secure. But ultimately, it's the PCI-DSS or PA-DSS standard we are required to meet - everything else is optional. When selling software, that option should be the customer's option, not something forced by the software vendor.
I've received an unofficial response from our PA-QSA (they haven't investigated it in detail) that, although it is an insecure method of integration, it is not against PCI-DSS. So, most likely the next X-Payments version will support displaying the payment form in X-Cart, not in X-Payments.
Thanks!