Quote:
Originally Posted by cflsystems
Then why not just make X-Cart PCI-DSS instead of developing a new application to handle this? Originally I was under the impression XPayments will be an integrated part of the xcart store, not almost like a payment gateway.
For PA-DSS compliance it is best to separate out the payment functions as a module to reduce the scope of what you have to pay a PA-QSA to validate and minimize the code you have to ensure meets PA-DSS requirements. That doesn't mean it must be turned into the equivalent of a payment gateway firewalled away from your application on a separate server or VPS. In fact, the category X-Cart would fall into in the PCI-SSC list of PA-DSS validated applications is "Shopping Cart & Store Front". There are two direct competitors to X-Cart on that list and neither forces you to split the payment process out to a separate server or VPS.
X-Payments, if designed properly, could easily be a separate module from the core of X-Cart, be PA-DSS validated without having to validate the core of X-Cart and fit transparently into the existing X-Cart checkout process.