X-Cart and PCI DSS / PA-DSS compliance
#131
Re: X-Cart and PCI-DSS / PA-DSS compliance
We get scanned daily and are PCI compliant, and I fill in the SAQ-D every quarter and send it off to our processor. We would also be charged the $20 a month if we didn't send the stuff to them.
We accept FAX credit card information, so we need to fill in the SAQ-D because we have access to the credit card numbers. I will wait and see if our processor checks on the cart we are using. X-payments doesn't sound like a good solution for us, unless we make some significant changes to it, or the way we extract data for our other systems.
Steve
__________________
Version 4.1.8 & 4.1.9 ezcheckout4.1.x cdseolinks2 product_metatags41x shipping_per_product41x http://www.earthsmagic.com
#132
Re: X-Cart and PCI-DSS / PA-DSS compliance
I changed processors because they were going to charge a 20.00 a month non-compliance fee. They also required a membership at a scan company of their choice that was 700.00 a year, did not matter if you had the scan report or not, you had to use theirs.
__________________
Xcart 5.1.6 Building New Store Xcart4.6.4 Gold Plus Xcart 4.6.4 Platinum Smart Template, Mail Chimp Upgrade Checkout One (One Page Checkout) Checkout One X-Payments Connector Checkout One Deluxe Tools Call For Price On Sale Module Buy Together Module MAP Price MOD
#133
Re: X-Cart and PCI-DSS / PA-DSS compliance
As for changes to x-payments, they said the code will be encoded, so I do not think we will be able to alter the code.
__________________
Xcart 5.1.6 Building New Store Xcart4.6.4 Gold Plus Xcart 4.6.4 Platinum Smart Template, Mail Chimp Upgrade Checkout One (One Page Checkout) Checkout One X-Payments Connector Checkout One Deluxe Tools Call For Price On Sale Module Buy Together Module MAP Price MOD
#134
Re: X-Cart and PCI-DSS / PA-DSS compliance
Why is RBS-World-pay gateway absent from this list?
As you know, we have spent a lot of time and money developing our site using X-Cart, based on the fact it supported a payment gateway we could use here in Asia... i.e. without world-pay support we have wasted our time it seems...
Before I hit the roof and start getting really hacked off... please explain ASAP, what our options are going to be?
- thanks, Asiaplay
__________________
X-Cart Gold version 4.1.9 (plus built in X-Cart bugs!)
#135
Re: X-Cart and PCI-DSS / PA-DSS compliance
A quote from PA-DSS standard:
With the RBS Worldpay gateway integrated with X-Cart 4.x (I mean Hosted Payment Page - HTML Redirect API), customers enter credit card data on a Worldpay server, and neither your server nor X-Cart stores, processes or transmits cardholder data. So, from the standard's point of view, your X-Cart is just another web application installed on your server.
As far as I know, the PCI DSS standard doesn't require all web applications to be certified as PA-DSS compliant. So, you don't need X-Payments in order to be PCI DSS compliant. Just make sure that all CC functions are disabled in your X-Cart.
I believe it would be better if you clarify it with your acquirer. And I would appreciate it if you let us know their response on this matter.
#136
Re: X-Cart and PCI-DSS / PA-DSS compliance
Dear Xplorer,
Ok - thanks... I will discuss this more with RBS Worldpay, then I guess we will have to get PCI Compliance Vulnerability Scanning done quarterly and complete the self assessment document anyway - there seems no way around this part since our site is modified heavily... so even if X-Cart was PA DSS validated (which I understand it isn't and never will be), it seems we cannot avoid that cost anyway...
Cheers, Asiaplay
__________________
X-Cart Gold version 4.1.9 (plus built in X-Cart bugs!)
#137
Re: X-Cart and PCI-DSS / PA-DSS compliance
I have just spoken to Sagepay who tell me that because we use vspform it is they who have to be pci compliant and not our site.
However because I also take payments via the phone I have to have a 'certificate'. Looking more into this but if this is correct then that's really good news as am currently looking for an alternative shopping cart in fear that x-cart will not be ready in time.
__________________
version 5.3.1 on dedicated server.
#138
Re: X-Cart and PCI-DSS / PA-DSS compliance
So, after reading through this thread, am I correct that a valid option to anyone using x-cart that wants to be compliant and avoid the PA-DSS software requirements, is to integrate a compliant 3rd party payment gateway using an iframe?
If this is true, wouldn't it be a good idea for someone to start cranking out iframe integration modules for the various 3rd party gateways? ...or am I missing something with all of this?
A related question: With all of the iframe injection issues that have gone around, even if the above is true, would there be possible problems in relying on an iframe for this purpose?
Thanks
__________________
XC 4.4.5 Gold
#139
Re: X-Cart and PCI-DSS / PA-DSS compliance
#140
Re: X-Cart and PCI-DSS / PA-DSS compliance
USAEpay appear to have a configurable page that is hosted on their secure server, and can be made to look like it is still on your site. Haven't tried it yet, but it may be a solution.
The only possible drawback is that xcart may not support this method.
Steve
__________________
Version 4.1.8 & 4.1.9 ezcheckout4.1.x cdseolinks2 product_metatags41x shipping_per_product41x http://www.earthsmagic.com
X-Cart forums © 2001-2020