[joelrhome]

I had the same question, but according to those I have spoken with, and documentation, the reason that this method takes X-Cart out of scope, is that it is the middleware capturing the cc info, and not even the modal. It isn't quote a "hosted" off site gateway like Authorize.net SIM or Paypal, but rather, it is a patented technology that is Validated. All I know is that the middleware is validated, and those who do the PCI Compliance validation tell me that X-Cart is out of scope this way.