[joelrhome]

I have not personally heard any reports either way. I am basing my statement on the fact that in order to maintain PCI DSS Compliance, cc info must be entered into a PCI DSS Validated application. Since with DPM, the cc info is still entered directly into x-cart generated form fields, then it is technically not being entered into a validated application. That is why it is a questionable method, and why some have doubts.

Leaving it up the the QSA pretty much covers your tracks if they are ok with it. For me though, I have personally looked at developing a DPM module when it became available. My issue is that based on the above fact, I did not choose this for my clients since it was too risky for me. I want to be 100% certain, so I don't have to uproot a client down the road.

I have been getting calls about X-Payments requiring a separate SSL cert. I haven't looked into this personally, since my clients are going with our solution. If anyone else can shed some light on it, I am curious..