Quote:
Originally Posted by geckoday
For PA-DSS compliance it is best to separate out the payment functions as a module to reduce the scope of what you have to pay a PA-QSA to validate and minimize the code you have to ensure meets PA-DSS requirements. That doesn't mean it must be turned into the equivalent of a payment gateway firewalled away from your application on a separate server or VPS. In fact, the category X-Cart would fall into in the PCI-SSC list of PA-DSS validated applications is "Shopping Cart & Store Front". There are two direct competitors to X-Cart on that list and neither forces you to split the payment process out to a separate server or VPS.
X-Payments, if designed properly, could easily be a separate module from the core of X-Cart, be PA-DSS validated without having to validate the core of X-Cart and fit transparently into the existing X-Cart checkout process.
Thanks for the clarification. I understand better now why all the trouble with a separate module.