Quote:
Originally Posted by amsruned
Is xcart 4.4 from 4.3 going to be just a simple upgrade or will it require a whole nother redesign?
|
It won't be a simple upgrade. However, since we will use the same css-based skin templates, I believe it won't require complete redesign either.
Quote:
Originally Posted by just wondering
We've been told that as we're not storing any Card Details at all we DON'T need a Server Scan & only have to fill in the PCI-DSS Form "C". Even though we're on Shared Hosting.
So I'm sat here thinking "Do we even need the X-Payments Addon"?
|
As far as I understand the standard, if credit card data ever touches your server (and it does with SagePay Direct: php scripts receive it from a customer's browser and send it to a SagePay's server), your server is in the PCI scope.
Although the SAQ-C form omits some requirements, I guess it still requires you to use a PA-DSS verified payment application (the one that transmits card data from a customer's browser to a gateway's server) on a PCI-DSS compliant server (there is a special section related to Shared Hosting in the standard). X-Payments will be a PA-DSS verified payment application that processes SagePay Direct payments in a PCI DSS compliant manner.