Quote:
1. We release X-Cart 4.3
2. We develop a payment module for X-Cart 4.3 and X-Cart 5.0 and verify it by a PA-QSA; probably, the source code of the module will be encrypted with Zend/ionCube
3. X-Cart users disable its credit card processing functions (so, X-Cart becomes not a subject for PCI-DSS) and install the PA-DSS verified payment module that handles all the credit card stuff; we will distribute the module among existing X-Cart users for free
4. The payment module will be implemented in such a way that allows its use with X-Cart 4.1.x and 4.2.x (with moderate customization of X-Cart source code).
5. Third-parties developing integration modules for payment gateways, not supported by the verified payment module out of the box, will have to complete a PA-DSS audit themselves (that costs dozens of thousands USD annually) if the chosen gateway integration method is a subject for PCI-DSS rules.
|
I couldn't see a mention of 4.0.x , only 4.1 onwards