One thing many do not understand or do not want to understand - PCI-DSS forces everyone to use certified solution for collecting CC payments. XC is not certified payment application. Using XC only to collect and process CC payments makes the whole process non-compliant. It doesn't matter what some rep at PP said. You need to use certified application like X-Payments or take the payment process out of XC completely - no other way around.
At the end of the day the merchant is responsible if anything... And - if your client is fined $50000 one day because of this they will blame you, the developer, for allowing them to use non-compliant solution
so maybe you need to put your foot down and not do what the client wants in that situation
@Mike
Quote:
|
I would simply do what the client asked, after warning them that it is not the best way. I have clients that still store card holder data directly on their server, and process cards offline!
|
You should do your best to force these clients not to process CC that way - there is no excuse for doing that anymore.