Quote:
Originally Posted by kulture
The real question is: can a merchant who is SAQ C (which I suspect is the vast majority here) continue to use older versions of X-Cart or any version of LiteCommerce, and if so, under what circumstances (third-party gateway, off-site processing or direct on-site processing)?
Sure. You've just got to remove X-Cart as the payment application. This can be done on any version of X-Cart by using a gateway-hosted payment page (Authorize.Net SIM, PayPal Payflow Link, etc.). This will also remove your server from PCI scope, and depending on your business model, this might even move you down to SAQ A. If you don't like that approach, you could have a one-off payment module written just for you to use a fully integrated API (Authorize.Net AIM, PayPal Payflow Pro, etc.). A one-off module isn't subject to PA-DSS and would just be part of your normal PCI-DSS assessment. The only problem with that might be that your card processor won't like it and will still insist you use a PA-DSS certified shopping cart even though it's technically not required.