[CenturyPerf]

Just for reference, my business has passed PCI-DSS compliance using manual processing of orders.

My processor was going to start charging additional fees if we were not compliant. After filling out pages upon pages of questions and providing details in how we process orders, how our customers place their orders, how our internal network operates, and making a couple subtle changes, we received a passing grade.

Although we are currently still using X-Cart vers. 4.0.19, manually processing each order from stored data in the X-Cart database, we still passed. It was my intention to continue manual processing with our new 4.4.x site that is nearing completion.

This new requirement, which sounds like the inability to store encrypted data within the xcart database, disturbs me. Although we could use our payment gateway processor (USA ePay) to Auth only each order, the mess being described in this thread sounds like that too may be impossible without some additional ridiculous expense.

Is manual processing still available? Is the default use of included APIs for gateways such as USA ePay still going to work?

I would like to hear some clarity on what these changes are going to be within X-Cart, and how they are going to affect how I currently utilize my online business.