X-Cart forums

[cflsystems]

I feel like re-posting this - maybe QT missed it?
Can we get an answer please

Quote:

Just out of curiosity - how other carts can have updates and be certified? I can't imagine they are released bug free and I can't imagine they release bugs fixes once or twice per year and I can't imagine them paying big bucks every 2-3 months for being certified. So somehow they have managed to be certified, release bug fixes and new versions and stay in business. I guess there has to be a way then

[adammc]

Hi,

Does this mean that I cannot develop a payment processor / module for NAB Transact without forking out over $1000 for Xpayments??

This is the payment system that we were just about to begin to implement:
http://www.nab.com.au/wps/wcm/connect/nab/nab/home/business_solutions/1/3/12/4

What now do we need to do to use this method?

[ambal]

No, that means you'll need to have your integration certified under PA-DSS with the PCI Council and that costs much much more.

Also, X-Payments doesn't integrate with that method of NAB. So you don't need to buy X-Payments here.

Alex

Quote:

Originally Posted by adammc

Hi,

Does this mean that I cannot develop a payment processor / module for NAB Transact without forking out over $1000 for Xpayments??

This is the payment system that we were just about to begin to implement:
http://www.nab.com.au/wps/wcm/connect/nab/nab/home/business_solutions/1/3/12/4

What now do we need to do to use this method?

[adammc]

Quote:

Originally Posted by ambal

No, that means you'll need to have your integration certified under PA-DSS with the PCI Council and that costs much much more.

Also, X-Payments doesn't integrate with that method of NAB. So you don't need to buy X-Payments here.

Alex

Hi Alex,

Thanks for the reply.
Is that certification needed only in the US at the moment or ALL of the world ?
So I can still do a custom integration for NAB's direct post gateway without any hassle?

[totaltec]

Its a global standard Adam. It is set by the PCI council which is formed of the major credit card companies (visa, amex, mc, discover, jcb)

https://www.pcisecuritystandards.org/organization_info/index.php

[adammc]

[quote=totaltec]Its a global standard Adam. It is set by the PCI council which is formed of the major credit card companies (visa, amex, mc, discover, jcb)

So what must I do to develop a new payment system / processor for 'NAB Transact that conforms with PA-DSS?

On their info page it states

Quote:

"With NAB Transact Direct Post you can have Payment Card Industry Data Security Standards (PCI DSS) compliance and still host your own payment page"

[cflsystems]

This material is so confusing (the PCI) in any aspect that you have to go to the source. Don't count on forum users to tell you what to do as most of us don't even know for ourselfs. Ask the payment gateway what they mean by that. Ask your bank if they will accept something like this and if not what they will accept. Read the PCI docs - they do mention scenarios when you develop your own payment application - if not clear email CC companies... And keep records of everything they tell you and who told you what so you don't end up being blamed for something,...

As you can see in this thread there are so many questions and not a straight answer to any of them...

[joelrhome]

I agree with Steve. I do see one constant though. All merchants must be PCI Compliant, and it is an overall process that involves the merchant and how they handle cc data both offline and online. X-Cart is just one component that is related to the SAQ(Self Assessment Questionnaire). That question is something like "Do you process credit cards online?". If someone has a website, most likely they will think "Of course I do" and select Yes on the SAQ. The fact is, you only need to answer yes if you use en embeded gateway directly into X-Cart such as Authorize.net AIM. At this point, X-Cart becomes "In Scope" for PCI DSS Compliance Validation. This is why solutions like X-Payments takes X-Cart "Out Of Scope" for PCI Validation. It is because the cc info is entered into X-Payments(Validated), not X-Cart(Not Validated). Other methods of taking X-Cart "Out of Scope" are to use a hosted payment page. This is where a customer enters cc info on a separate page after checkout, thus taking customers away from X-Cart which is proven to have a decrease on sales conversion. Keeping customers on the website is the best way to go.

So...We had this dilemma, and we searched for a solution. When we could not find a solution that would please our customers and be 100% certain that it would take X-Cart "Out of Scope", we decided to take it upon ourselves to create a solution. As of yesterday, we are a Certified Software Partner with Accelerated Payment Technology, and their PCI DSS Compliant Validated middleware, XCharge, is now integrated into a module for X-Cart. We are offering our module for free of charge to anyone who switches their payment processor to X-Charge. I want to make this available to anyone who wants to go this route, and we made a page on our website that has screen shots and a brief explanation of everything. http://www.dxweb.net/xcharge.html

The best thing about them is that they match or in most cases beat out your current rates.

The only thing that this will cost is the time it takes to switch your payment processing over to XCharge. Once approved, we will deliver the Module for installation. If anyone has any other questions that aren't clear on my website, feel free to contact me.

[joelrhome]

One Quick thing I forgot to mention.. This solution is only for US US Currency. It also only removes X-Cart from PCI Compliance, not necessarily the merchant. You still need to be compliant in other areas of your business.

[tam10]

Joel, what do you refer to by "other areas"?