Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls
 

Upcoming X-Cart v 4.4.6 (now renamed to 4.5.0) & PCI-DSS requirements

 
Closed Thread
   X-Cart forums > News and Announcements
 
Thread Tools
  #101  
Old 04-02-2012, 10:49 AM
 
Dima65 Dima65 is offline
 

Advanced Member
  
Join Date: Jul 2008
Posts: 79
 

Question Which Integration Method To Choose?

Hi all. I'm somewhat confused, then, as to which integration method to use between XC 4.4.6 and eProcessing Network, who processes our payments. Here is a list of their 5 available integration methods. Can anyone tell me please? http://www.eprocessingnetwork.com/Utilities.html

D
__________________
X-Cart v4.7.5
reBOOT
  #102  
Old 04-02-2012, 10:52 AM
 
balinor balinor is offline
 

Veteran
  
Join Date: Oct 2003
Location: Connecticut, USA
Posts: 30,253
 

Default Re: Upcoming X-Cart v 4.4.6 & PCI-DSS requirements

You would have to use the Database Engine method.
__________________
Padraic Ryan
Ryan Design Studio
Professional E-Commerce Development
  #103  
Old 04-02-2012, 11:43 AM
 
batt255 batt255 is offline
 

Member
  
Join Date: Feb 2011
Posts: 29
 

Default Re: Upcoming X-Cart v 4.4.6 & PCI-DSS requirements

I don't know where you are getting your info from, but Authorize.net Aim is still PCI excepted. This is on the SAQ. and requires a different level of scanning when using it. ( Which I just passed )
__________________
x-cart 4.4
  #104  
Old 04-02-2012, 12:00 PM
  gb2world's Avatar 
gb2world gb2world is offline
 

X-Wizard
  
Join Date: May 2006
Location: Austin, TX
Posts: 1,970
 

Default Re: Upcoming X-Cart v 4.4.6 & PCI-DSS requirements

Quote:
I think we need to clear up once and for all whether iframes or forms that post directly to the merchant provider's site are compliant or not. Love to hear thoughts on this.

The only judgement that really matters is that of the compliance officer at the merchant's bank. So far, in my small sample, the compliance officer has approved the use of the DPM method, and allowed for filling out of SAQ-A. I would advise having a discussion with them, with an email trail, before you choose to implement it over x-payments.

Quote:
If someone is on redwidget.com and ends up at a checkout with bluewidget.com graphics, they will of course freak out and leave without completing the payment.

I agree that the 10 store functionality of x-payments is not very useful. However - according to QT, you do have the ability to brand the checkout page for each store: http://forum.x-cart.com/showpost.php?p=310504&postcount=2


@nickff
Quote:
You aren't required to make this change until your merchant account provider requires it

I think this is a risky position for you to take with your clients. It could be in the fine print somewhere of something they have received. It could become an issue if there is ever an instance of fraud, then the bank would try to put all the burden on the merchant. I know of several who believe this is a low risk, and choose not to do anything yet while they wait for clear guidance from their banks. It is ultimately the merchant's decision - I just try and make sure they have all the information they need to decide.

---
__________________
X-CART (4.1.9,12/4.2.2-3/4.3.1-2/4.4.1-5)-Gold
(CDSEO, Altered-Cart On Sale, BCSE Preorder Backorder, QuickOrder, X-Payments, BCSE DPM Module)

The following 3 users thank gb2world for this useful post:
ambal (04-03-2012), nickff (04-02-2012), seyfin (04-05-2012)
  #105  
Old 04-02-2012, 12:18 PM
 
batt255 batt255 is offline
 

Member
  
Join Date: Feb 2011
Posts: 29
 

Default Re: Upcoming X-Cart v 4.4.6 & PCI-DSS requirements

I just got off the phone with Authorize.net, Nation wide credit card solutions and Control Scan ( the Company that scans my website for PCI ) none of them have heard of this. They all have said this sounds like a sales ploy. You would think Authorize.net would here about this way before Xcart would.
__________________
x-cart 4.4
  #106  
Old 04-02-2012, 12:34 PM
 
balinor balinor is offline
 

Veteran
  
Join Date: Oct 2003
Location: Connecticut, USA
Posts: 30,253
 

Default Re: Upcoming X-Cart v 4.4.6 & PCI-DSS requirements

None of them have heard of PA-DSS compliance? I highly doubt that. What exactly did you ask them?
__________________
Padraic Ryan
Ryan Design Studio
Professional E-Commerce Development
  #107  
Old 04-02-2012, 12:49 PM
 
batt255 batt255 is offline
 

Member
  
Join Date: Feb 2011
Posts: 29
 

Default Re: Upcoming X-Cart v 4.4.6 & PCI-DSS requirements

I asked them if Authorize.net aim was no longer going to be accepted as being PCI compliant. I also asked them if they have heard of a move not to allow a customer to input their credit card info on a website. That they would be directed to a credit card payment gateway instead and then be allowed to input their credit card info. Such as Authorize.net Sim to be able to be PCI compliant. They all said no they have not heard of such a thing. They all stated as long as you have a SSL installed that you would be fine under PCi guide lines. I know from past experience that the Authorize.net SIm is not very reliable. It will kick out the customer at times sending them back to the website. Authorize.net even suggests using their Aim version instead because of this.
__________________
x-cart 4.4
  #108  
Old 04-02-2012, 01:30 PM
  totaltec's Avatar 
totaltec totaltec is offline
 

X-Guru
  
Join Date: Jan 2007
Location: Louisville, KY USA
Posts: 5,823
 

Default Re: Upcoming X-Cart v 4.4.6 & PCI-DSS requirements

Quote:
Originally Posted by batt255
I just got off the phone with Authorize.net, Nation wide credit card solutions and Control Scan ( the Company that scans my website for PCI ) none of them have heard of this.
batt, I think you don't yet have a full understanding of the scope of this thing. If you complete your SAQ-C, there should be a question:
Please provide the following information regarding the payment applications your organization uses:
Payment Application in Use | Version Number | Last Validated according to PABP/PA-DSS

https://www.pcisecuritystandards.org/security_standards/documents.php?category=saqs

Step 1 to determine if you are compliant is to figure out which SAQ applies to you, most merchants that accept credit cards on their site qualify for SAQ-C

If you call authorize.net back, ask them "Do I need to use a PA-DSS validated payment application?"
__________________
Mike White - Now Accepting new clients and projects! Work with the best, get a US based development team for just $125 an hour. Call 1-502-773-6454, email mike at babymonkeystudios.com, or skype b8bym0nkey

XcartGuru
X-cart Tutorials | X-cart 5 Tutorials

Check out the responsive template for X-cart.

The following 2 users thank totaltec for this useful post:
ambal (04-03-2012), seyfin (04-05-2012)
  #109  
Old 04-02-2012, 02:34 PM
 
componentman componentman is offline
 

Advanced Member
  
Join Date: Sep 2010
Posts: 36
 

Default Re: Upcoming X-Cart v 4.4.6 & PCI-DSS requirements

Dumb question: Why is X-Payments PCI Compliant if you supposedly don't leave your website to process the payment?
__________________
Aaron

Running version: 4.5.5
  #110  
Old 04-02-2012, 04:03 PM
  totaltec's Avatar 
totaltec totaltec is offline
 

X-Guru
  
Join Date: Jan 2007
Location: Louisville, KY USA
Posts: 5,823
 

Default Re: Upcoming X-Cart v 4.4.6 & PCI-DSS requirements

Because X-payments has been validated by the pci council to meet the requirements of PA-DSS. For you to be pci compliant and accept cards directly on your site, you must use a PA-DSS validated payment application.
__________________
Mike White - Now Accepting new clients and projects! Work with the best, get a US based development team for just $125 an hour. Call 1-502-773-6454, email mike at babymonkeystudios.com, or skype b8bym0nkey

XcartGuru
X-cart Tutorials | X-cart 5 Tutorials

Check out the responsive template for X-cart.

The following 2 users thank totaltec for this useful post:
ambal (04-03-2012), seyfin (04-05-2012)
Closed Thread
   X-Cart forums > News and Announcements



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 03:30 PM.

   

 
X-Cart forums © 2001-2020