| ||||||||||
Shopping cart software Solutions for online shops and malls | ||||||||||
|
X-Cart Home | FAQ | Forum rules | Calendar | Mark Forums Read | User manuals | Login |
Authorize.net DPM (PA/DSS Compliant) | ||||
|
|
Thread Tools |
#21
|
|||||||||
|
|||||||||
Re: Authorize.net DPM (PA/DSS Compliant)
Quote:
Hm, if you use Authorize.Net DPM, then the credit card form is generated by your shopping cart/scripts.
__________________
Eugene Kaznacheev, Evangelist/Product Manager at Ecwid: http://www.ecwid.com/ (since Sept 2009) ex-Head of X-Cart Tech Support Department ex- X-Cart Hosting Manager - X-Cart hosting ex-X-Cart Technical Support Engineer Note: For the official guaranteed tech support services please turn to the Customers HelpDesk. |
|||||||||
#22
|
|||||||
|
|||||||
Re: Authorize.net DPM (PA/DSS Compliant)
Also, I don't see Auth.net advertises DPM as a cure for PA-DSS
__________________
4.1.11 |
|||||||
#23
|
|||||||
|
|||||||
Re: Authorize.net DPM (PA/DSS Compliant)
Perhaps BCS should step in here and answer this question, as clearly there is some confusion - my own included
__________________
Padraic Ryan Ryan Design Studio Professional E-Commerce Development |
|||||||
#24
|
|||||||
|
|||||||
Re: Authorize.net DPM (PA/DSS Compliant)
I think the concept behind this is the same as the Braintree Transparent Redirect:
The key thing isn't where the cc information is typed in; it's where and how information is sent. A customer's computer is completely outside of PCI scope, and they can type their cc numbers anywhere on their computer til the cows come home, with no problem. It's how and where the numbers are sent that makes the difference. So they type it in their browser but instead of it being sent to your server, that information is sent directly to the gateway (Braintree / Authorize.net). Your hosting server never sees it.
__________________
X-Cart version 4.0.17 X-Cart version 4.0.18 Web servers = Apache OS = Linux |
|||||||
|
#25
|
|||||||||
|
|||||||||
Re: Authorize.net DPM (PA/DSS Compliant)
Quote:
I think Gravel explains it very well. Authorize.net can't say it takes you out of PA/DSS scope because they cannot comment on your other business processes which may touch/transmit CC information. This is also why we state on our site states that it Quote:
and Quote:
So it is one step towards PCI compliance, but PCI compliance goes beyond just your payment gateway. This is also the same as X-payments if you choose to use that route. It's just one step towards PCI compliance. I hope this helps. Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002! We support X-cart versions 3.x through 5.x! Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more! Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com Please E-Mail us for questions/support! |
|||||||||
|
#26
|
|||||||
|
|||||||
Re: Authorize.net DPM (PA/DSS Compliant)
Yea, that's what I meant
__________________
Padraic Ryan Ryan Design Studio Professional E-Commerce Development |
|||||||
#27
|
|||||||||
|
|||||||||
Re: Authorize.net DPM (PA/DSS Compliant)
For what it is worth - I sent the links for DPM and also the product descriptions on BCSE's site to the director of PCI compliance for the bank who holds the merchant account for one of my clients. They reviewed it and let this particular client know that they would qualify to use SAQA for compliance. I always advise people to try and get the plans for compliance to be reviewed by the bank (with mixed results).
---
__________________
X-CART (4.1.9,12/4.2.2-3/4.3.1-2/4.4.1-5)-Gold (CDSEO, Altered-Cart On Sale, BCSE Preorder Backorder, QuickOrder, X-Payments, BCSE DPM Module) |
|||||||||
|
#28
|
|||||||||
|
|||||||||
Re: Authorize.net DPM (PA/DSS Compliant)
Quote:
Glad to hear they were able to do the SAQA! That's good news! Thanks for letting us know. Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002! We support X-cart versions 3.x through 5.x! Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more! Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com Please E-Mail us for questions/support! |
|||||||||
#29
|
|||||||||
|
|||||||||
Re: Authorize.net DPM (PA/DSS Compliant)
No Carrie - thank you. Your mod + DPM is a real game changer for my newer Authorize.net clients as well as the clients I have that were lucky enough to get delayed by the confusion over PCI/DSS compliance. (I guess sometimes the late bird lucks out and gets a worm as well.) I hope Authorize.net, Braintree and others with these methods start getting a competitive advantage so the other gateways are encouraged to do it as well. (I'm plagued with several Innovative and Cybersource accounts to support.) But even within Authorize.net - they ignore my pleading with them to offer a DPM for their CIM method! Not that I want to give X-Payments an early retirement - but with the gateways knowing this kind of thing is possible and not doing it - we'll still need X-Payments.
Also - for at least 2 of my clients, it swings us back in favor of upgrading to 4.4.x or waiting for 5, instead of leaving X-Cart all together. If more gateways start implementing similar methods, and you are still able to release reasonably priced connectors - this should be good news for QT too. ---
__________________
X-CART (4.1.9,12/4.2.2-3/4.3.1-2/4.4.1-5)-Gold (CDSEO, Altered-Cart On Sale, BCSE Preorder Backorder, QuickOrder, X-Payments, BCSE DPM Module) |
|||||||||
#30
|
|||||||||
|
|||||||||
Re: Authorize.net DPM (PA/DSS Compliant)
Just to make sure we are on the same track - we are talking about one of the PCI-DSS requirements - having to use a PA-DSS certified solution in case you want customers to enter credit card details on your site.
Technically DPM implementation makes entering credit card details "out of scope" of your shopping cart, but at the same time the credit card details page belongs to shopping cart application and this is the fuzzy moment here - must that shopping cart application be PA-DSS certified or not? Our QSA suggested that yes since the credit card form is generated by the application and this is the main reason we had to implement a separate "enter credit card details" page in X-Payment. Looks like DPM makes meeting PCI-DSS requirements easier for a merchant (SAQ A instead of SAQ C according to gb2world's post), but it can't be advertised as a PA-DSS compliant solution (Auth.net doesn't advertise it so either). Neither DPM is a replacement for X-Payments in terms of "using a PA-DSS certified solution". I am still not sure whether or not it can be a way to avoid having to use a PA-DSS certified solution. I "+1" to gb2world's suggestion: Quote:
Ask *your bank* before implementing DPM or anything else. PCI-DSS requirements are vague and different specialists may understand it differently. PS: and post your results here to help other merchants, too!
__________________
Sincerely yours, Alex Mulin VP of Business Development for X-Cart X-Payments product manager |
|||||||||
|
Thread Tools | |
|
|
|
|||
X-Cart forums © 2001-2020
|