  #19  
03-25-2010, 08:24 AM
 
exsecror
 

X-Wizard
  
Join Date: Apr 2007
Posts: 1,284
 

Re: X-Payments 1.0 beta testing

Quote:
Originally Posted by zorg
By taking PCI-DSS into effect in July 2010 VISA is giving merchants only 2 options:

1) configure their stores so that they wouldn't store, process or transmit cardholder data, by using web-based payment gateways.

or (if a merchant wants to be responsible for the safety of credit card data):

2) become PCI-DSS certified.

I do believe the first option, being many times easier and cheaper, should be considered by most merchants. That's a typical practice anyway.

By choosing the second option a merchant is obliged to comply with strict PCI-DSS standard requiring him to set up a quite complicated environment where cardholder data could be stored or processed safely (i.e. http://help.qtmsoft.com/index.php?title=File:Xpayments_dataflow.png), and then go through the certification process.

By delivering X-Payments, a PA-DSS certified solution, we'll be happy to serve merchants who would select the second option.

It may be in your best interests to also support payment gateways that take the whole processing out entirely but without requiring the customer to go offsite, such as Braintree's Transparent Gateway. For many merchants, including us, it is not an acceptable or viable solution to have our customers redirect off-site (we do thousands of transactions a week). I also do not want to be forced to invest unnecessary funds in a completely separate box for a program that may or may not work (plus I don't trust encrypted code because its security and stability cannot be audited effectively). Nor do I want to deal with the fact that if the program happens to break due to poor QA testing we would have downtime till an engineer looks at it, which would be a problem anyway because I don't allow unauthorized personnel access to our facilities or servers. Granted, right now, until I transition us over to Braintree, we are out of scope since I re-wrote X-Cart's payment core to forcefully truncate the credit card numbers in compliance with PCI, but that's something I can't keep doing, hence the Braintree transition.