Upcoming X-Cart v 4.4.6 (now renamed to 4.5.0) & PCI-DSS requirements
#61
Re: Upcoming X-Cart v 4.4.6 & PCI-DSS requirements
Quote:
That is true, but it will result in a URL change for 9 of the stores. And there is the additional checkout step. So all 10 stores can use a payment gateway hosted page with the same success (URL change as well and additional checkout step) and for FREE (as opposed to $1200 for XPayments). The ability of XPayments to connect up to 10 stores is good, yes, but it is good for someone selling it as a service and acting like a payment gateway. Every individual store owner will want the URL not to change and no redirection.
__________________
Steve Stoyanov CFLSystems.com Web Development

#62
Re: Upcoming X-Cart v 4.4.6 & PCI-DSS requirements
PCI-DSS sounds like a right load of B*****ks. I'll be sticking with my 4.4.5, manual CC processing and Paypal. I did enquire once about online processing and it was expensive and riddled with paperwork and questionnaires fit for joining MI5.
A colleague of mine who runs a similar shop has recently ceased accepting credit cards and relies solely on Paypal and bank transfers.
__________________
Xcart Gold 4.1.11-Gone = 4.7.11-Live

#63
Re: Upcoming X-Cart v 4.4.6 & PCI-DSS requirements
Quote:
Mmmh: this fact is still not very clear to me.
Quote:
First of all, if you look carefully at the link provided by seyfin
Quote:
Quote:
Second, if you look at the official PCI Compliance: https://www.pcisecuritystandards.org/merchants/how_to_be_compliant.php
You just need to fill in a SAQ and have a quarterly PCI Security Scan (and pass them).
Third: if you know how to fill in the SAQ, you just need to pay for the scans, which cost very much less than x-Payments. http://www.ncircle.com/index.php?s=products_pci-compliance
I have been contacted by a famous company which does PCI compliance and asked for $4000 for being compliant (we have made our own personalized payment gateway connection software), but I do not agree that the price should be that high. After all they just have an online form for the SAQ and a scan service with non-automated (i.e. human) support service.
Still very perplexed, but until PCI council web site states: "you need a $4000 service to be PCI-DSS compliant", I'm trying to find cheaper alternatives.

#64
Re: Upcoming X-Cart v 4.4.6 & PCI-DSS requirements
Sounds to me like X-Payments just needs to be made part of X-Cart and then the problem is solved. I doubt the competition are going to remain non PCI compliant for long...
__________________
Best regards, Donavichi. - - - Website Copywriting || Web Design || FAQs || Home & Garden Blog

#65
Re: Upcoming X-Cart v 4.4.6 & PCI-DSS requirements
mabiuso, no offense, but you are incorrect. We've been dealing with this issue for quite a long time (look through the history of this subject here in the forums). The PDF you quoted from is from 2009 - the new regulations kicked in July of 2010. So get your info correct before you quote it. Current documentation is here:
https://www.pcisecuritystandards.org/security_standards/documents.php?association=PA-DSS
Next, PCI is only part of the PCI-DSS regulations. Yes, you need a quarterly scan and be on a server that is compliant. That is half of it - but then you need to be using a compliant cart, processor or system. You cannot store CC info and you cannot process cards through a non-compliant processor. While it is true that a PCI scan and SAQ were all you needed in the past, that is no longer the case. Hence the major uproar here, and the reason for X-Payments and for X-Cart to drop payment gateways from their cart. X-Payments is compliant, X-Cart is not. So if you want to process cards on your site with X-Cart, you need to use X-Payments. So that is indeed a correct statement.
Paul H, if you really think this regulation is BS, you are in for a rude awakening. You absolutely cannot store CC info on the server anymore; if your merchant account or customers found out you were doing that, you'd be dropped in a heartbeat and liable for some serious fines. Worse, if you are hacked and your credit card data is stolen, you are liable for $50k fines. Have fun with that. Paypal is fine - that takes you out of the PA-DSS scope, but storing CC info is just plain dumb.
Donavichi, X-Payments can't be part of X-Cart - that's the point. If it was, X-Cart itself would have to be made compliant, which would be a whole lot more expensive as Qualiteam would have to re-certify it each time they upgrade it. Hence the reason X-Payments was built - to take X-Cart out of the scope of compliance.
__________________
Padraic Ryan Ryan Design Studio Professional E-Commerce Development

#66
Re: Upcoming X-Cart v 4.4.6 & PCI-DSS requirements
Of course, a subscription-based service for X-Payments might go a long way to reduce friction and increase take-up from the community, seeing as it's more likely to attract more interest if there's not such a high cost of entry - just a thought.
__________________
Best regards, Donavichi. - - - Website Copywriting || Web Design || FAQs || Home & Garden Blog

#67
Re: Upcoming X-Cart v 4.4.6 & PCI-DSS requirements
Subscription-based service?
__________________
Padraic Ryan Ryan Design Studio Professional E-Commerce Development

#68
Re: Upcoming X-Cart v 4.4.6 & PCI-DSS requirements
It's like the ecommerce equivalent of the millennium bug.
Don't panic, people.
__________________
xcartmods.co.uk

#69
Re: Upcoming X-Cart v 4.4.6 & PCI-DSS requirements
While there isn't reason for panic, it shouldn't be taken lightly either. They ARE fining for non-compliance, and if you are hacked while non-compliant, you ARE liable. It does need to be taken seriously.
__________________
Padraic Ryan Ryan Design Studio Professional E-Commerce Development

#70
Re: Upcoming X-Cart v 4.4.6 & PCI-DSS requirements
It's just common sense, I don't think there's any need to ramp it up and put people in fear of fines. It's the way the internet is going, so let's get on with it.
__________________
xcartmods.co.uk
X-Cart forums © 2001-2020