Quote:
|
Originally Posted by zorg
or (if a merchant wants to be responsible for the safety of credit card data):
2) become PCI-DSS certified.
I do believe the first option, being many times easier and cheaper, should be considered by the most of merchants. That's a typical practice anyway.
By choosing the second option a merchant is obliged to comply with strict PCI-DSS standard requiring him to set up a quite complicated environment where cardholder data could be stored or processed safely (i.e. http://help.qtmsoft.com/index.php?title=File:Xpayments_dataflow.png), and then go through the certification process.
By delivering X-Payments, PA-DSS certified solution, we'll be happy to serve merchants who would select the second option. |
Becoming PCI-DSS Certified isn't that hard or expensive. All I had to do was fill in a form, register at the company our Bank uses, and that's it.
Maybe other banks have other ways of doing it, but on Streamline it was that easy. The only thing I had to change on X-Cart is that it didn't store all the card details. Keeping the last 4 numbers is ok.
I don't need Server Scans or anything like that.
How much did it cost me? A few hours of my time, tops.
Now we, probably as much as most other people running e-commerce sites, don't like to use the "web version" of payment sites as, unless you've spent countless hours making it look like your own site (if they even let you do that) the address in the address bar changes, which in my opinion puts most people off.
I may not use 4.2, 4.1 or 4.0, but if I did, I'd be fuming. You really, really should make it work on 4.x, not just 4.3.x with some pitiful excuse about making "guidelines and patches" for anything not 4.3.x.