Re: Do we need X-Payments?
If your payment processor is happy with the setup, than you are probably OK. It is up to the merchant services provider to enforce the PCI Compliance rules.
However if a breach occurs, and cardholder data is compromised, you may still be liable for fines.
It is not your problem really, it sounds like you have recommended the best options to your client, if they want to flirt with danger than it is their choice. I would simply do what the client asked, after warning them that it is not the best way. I have clients that still store card holder data directly on their server, and process cards offline! Unbelievable!
__________________
Mike White - Now Accepting new clients and projects! Work with the best, get a US based development team for just $125 an hour. Call 1-502-773-6454, email mike at babymonkeystudios.com, or skype b8bym0nkey
XcartGuru
X-cart Tutorials | X-cart 5 Tutorials
Check out the responsive template for X-cart.
|