X-Cart and PCI DSS / PA-DSS compliance
#161
Re: X-Cart and PCI-DSS / PA-DSS compliance
Quote:
Is there any way to use it in earlier versions? 4.1.x?
__________________
X-Cart 4.1.11 --------- X-AOM CDSEO Pro Altered Cart On Sale Kosmos Gift Registry BCSE Shipping Per Product What's New xCMS - Blogs, News, Articles
#162
Re: X-Cart and PCI-DSS / PA-DSS compliance
There are three key areas for PCI DSS - storage, processing, and transmittal.
I don't recommend you store any card data. Period. There are many ways to get around this. If your virtual terminal won't let you do a refund without CVV, you need a new terminal or to change your controls.

THE SERVER

Among the largest processors, First Data is requiring EVERY merchant to pass a PCI Compliance SAQ. If you have an ecommerce site, your site/server will be scanned as part of that process. Tons of merchants process through what's called an "ISO" of First Data. That means a whole bunch of you either already have, or will have to pass that test this year via the third party company they hired, Security Metrics. You're supposed to do this on your own regardless of your processor, but too many people (50%) didn't so now it's mandatory with at least that processor.

PAYMENT PROCESSING

You need an SSL certificate on any system, and everyone has that part down. But the rest of it is where the problems come into play. There are really no short cuts. You either have a shopping cart that is certified compliant or not. Chase Paymentech and others have a stringent cart certification process that most developers have not completed yet.

The hosted payment page is a viable alternative to all the issues and cart certification. I'm not familiar with x-payment. Magento users have a solution through CRE Secure. X-cart users can also use the solution. While X-cart is not a ready made module at this time, you can still use the custom integration. When you add up the cost of scanning and everything else, I'm betting this is a cost effective and quick solution.

Check out this page for how it works: http://www.cresecure.com/pages.php?pID=7&CDpath=0

(I'm the "payment network" in the diagram; I have no vested interest in CRE other than it makes clients compliant.)

I hope this helps those with immediate needs.
__________________
Chris Ecommerce merchant services specialist Former ecommerce/SEO developer (10 years+) x-cart latest version
#163
Re: X-Cart and PCI-DSS / PA-DSS compliance
CRE Secure is really just another hosted payment page like Authorize.Net SIM or Paypal Payflow Link. To pay extra for CRE Secure when many gateways already have hosted payment page options at no cost to the merchant doesn't seem to be a cost effective solution. Yes, CRE Secure automatically scrapes your site design so you don't need to fiddle with configuring a hosted payment page to match your site. But to avoid a per transaction cost on every transaction and the cost of integration I would take the time to configure a hosted payment page at a gateway already supported by X-Cart.
__________________
Manuka Bay Company X-Cart Version 4.0.19 [Linux] UGG Boots and other fine sheepskin products http://www.snowriver.com
#164
Re: X-Cart and PCI-DSS / PA-DSS compliance
PCI info for those X-Cart users who use PayPal for your merchant account...
PayPal and PCI compliance (Website Payments Pro, Payflow Pro, or Virtual Terminal): https://www.paypal.com/pcicompliance

PayPal helps (from the above link): PayPal has partnered with ScanAlert, a Visa and MasterCard-certified PCI vendor, to help our customers comply at no cost for the first year. Enroll online with ScanAlert at: https://www.scanalert.com/SignUp.sa?oc=9673.

PCI Data Security Standards

Payment Card Industry Data Security Standards (PCI DSS) – are a set of network security and business practice guidelines adopted by major credit card companies to help protect customers’ payment card information. This module reviews the 12 requirements all merchant websites must meet to comply with PCI DSS. We also explain how to validate compliance and how to implement and support PCI DSS when using a PayPal solution.
Module: http://www2.eventsvc.com/paypaldev/event/0a654a52fd7a4c9db8ef81d3441f4c1d

PCI Compliance for PayPal Developers (PDF): https://cms.paypal.com/cms_content/CA/en_US/files/developer/PP_PCI_Compliance_WhitePaper.pdf
PCI DSS Compliance – Website Payments Standard: https://www.paypal.com/cgi-bin/webscr?cmd=xpt/Marketing/merchant/PCIComplianceDSS-outside
PDF: https://www.paypalobjects.com/WEBSCR-620-20100330-1/en_US/pdf/PP_WebsitePaymentsStandard_PCIComplianceDSS.pdf
PCI Compliance Solutions: https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/solutions_pci_compliance

---

And from PCI Security Standards Council...

PCI DSS New Self-Assessment Questionnaire (SAQ) Summary V1.2: https://www.pcisecuritystandards.org/saq/instructions_dss.shtml
Self-Assessment Questionnaire - Instructions and Guidelines v1.1 (PDF): https://www.pcisecuritystandards.org/pdfs/instructions_guidelines_v1-1.pdf
__________________
X-cart 4.1.10
#165
Re: X-Cart and PCI-DSS / PA-DSS compliance
Quote:
https://www.pcisecuritystandards.org/pdfs/pci_dss_saq_instr_guide.pdf
__________________
Manuka Bay Company X-Cart Version 4.0.19 [Linux] UGG Boots and other fine sheepskin products http://www.snowriver.com
#166
Re: X-Cart and PCI-DSS / PA-DSS compliance
This thread is making me dizzy, so please forgive my basic questions:
- I'm currently using 4.0.19 and TrustCommerce (a gateway that I see will not be supported in 4.3). I do not store customer credit card data in my store. Will I still be considered non PCI compliant when the new rules go into effect?
- TrustCommerce is offering me a better discount rate if I sign a new 2-year contract with them. I've been satisfied with them, but should I not sign up for 2 more years, given that newer versions of X-Cart won't support them?

Thanks for helping me understand how to proceed.
__________________
Currently 4.0.19 Upgrading to ?????
#167
Re: X-Cart and PCI-DSS / PA-DSS compliance
Quote:
Compliant with the new VISA mandate to use PA-DSS certified applications - no. Quote:
__________________
Manuka Bay Company X-Cart Version 4.0.19 [Linux] UGG Boots and other fine sheepskin products http://www.snowriver.com
#168
Re: X-Cart and PCI-DSS / PA-DSS compliance
Quote:
Could you please share some recommended "hosted payment pages"?
__________________
X-Cart Version 4.1.12 Dedicated server
#169
Re: X-Cart and PCI-DSS / PA-DSS compliance
Quote:
We have been researching many and find these to be popular and also well configurable:
- Authorize.net SIM
- Payflow Link
- CyberSource (Hosted)

Cybersource looked pretty interesting as far as making the checkout look like your own site.

Hope that helps!
Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002! We support X-cart versions 3.x through 5.x! Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more! Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com Please E-Mail us for questions/support!
#170
Re: X-Cart and PCI-DSS / PA-DSS compliance
For Canadians I recommend:
Elavon / Virtual Merchant
Moneris / sSelectPlus

Depending on the version of x-cart you have you may have to pay someone to backport the integration file for you like we did. This costs about $200.

Elavon has better credit card rates but Moneris has more complex software so it just depends what your needs are. Also you can get better rates from Moneris but you have to negotiate hard.
__________________
X-Cart 4.1.11 --------- X-AOM CDSEO Pro Altered Cart On Sale Kosmos Gift Registry BCSE Shipping Per Product What's New xCMS - Blogs, News, Articles
X-Cart forums © 2001-2020