You need to understand WHY x-payments is needed before you can evaluate the reasons for having it or not.
read up on PCI Security Standards
https://www.pcisecuritystandards.org/
I will now oversimplify the general idea:
Does your merchant bank require that your web application be PCI-DSS compliant? If not, your merchant bank is most likely in violation of PCI DSS. If yes, you have only a few choices:
1. Use a "hosted" payment gateway - provided by your merchant bank;
2. Use a PCI-DSS compliant payment application. X-Cart is NOT compliant. X-Payments is.
3. Or use a 3rd party payment processor, such as PayPal.
The bottom line: you are not permitted to collect credit card information on your website unless you meet certain industry standards. If you lie or try to beat the system, and your server gets hacked and credit card numbers are exploited by hackers, you are personally liable for insane amounts of penalties.
If you want to have customers type their credit card numbers into your website, you must have option #1 or #2 (or use a payment service such as #3).
X-Payments is a secure and PCI certified application that IF CONFIGURED properly, is a secure way to collect and process credit cards, in a secure environment separate from your x-cart store. It is NOT a merchant account. It is not a payment gateway. It is the application that connects x-cart (or other configured shopping carts) to your merchant account gateway, securely.
X-Payments is sold as a lifetime license (you provide server) or hosted. Depending on your needs and technical expertise, you should determine which method is better for you.
Got it?