  #157  
02-26-2010, 06:15 AM
 
freeportway
 

Advanced Member
  
Join Date: May 2006
Posts: 42
 

Re: X-Cart and PCI-DSS / PA-DSS compliance

Vyacheslav,

Bzzzzt... Wrong answer.

The encryption of the source code using ionCube / etc. has NOTHING, ZERO, NADA, ZILCH to do with PCI-DSS. I deal with PCI ALL DAY LONG...
I've never heard a company that does audits come back and say "Oh, you need to encrypt your source code..."
In fact, most of them never even look at the source code.

If other shopping carts (Magento, for example) are "PCI" and they are not encrypting their payment module(s), why do you need to? Very strange.

Unless you're going to sell that as an "add-on", that's my guess?

Encrypting of the source code has nothing to do with PCI protection. PCI is all about following the rules and standards.

You folks need to hire an outside company that does PCI audits, have them go through X-Cart, then have them explain to you what needs to be fixed.
For PCI compliancy it's typically around HOW you're doing things, not usually how the code is doing it.

This guessing game won't work, and certainly locking down the payment module has really NO merit towards PCI, you could still have a payment
module that's encrypted with ionCube still NOT be PCI.

Lastly, I'll ask what nobody else wants to...

How much will the payment module cost once it's encrypted? I see no other reason to lock down the source code of part of X-Cart only to
be able to market it and sell it as the "PCI version" of the product and charging more.

Hopefully I'm wrong.
__________________
------
X-Cart 4.1.x
Linux / Apache / PHP 5.2.x

http://www.freeportway.com
BizSync Standalone and BizSync On-Demand
X-Cart modules to integrate back-office systems to X-Cart
(Mail Order Manager, OrderMotion etc.)