X-Cart forums

[joelrhome]

I just want to say that I have a lot of respect for the mod developers within the X-Cart community. These guys are smart, and care about customer service. My company has been working with X-Cart since 2003, and we do a LOT of specialized customization. Since then, I have seen a number of these Mod developeres show their expertise, but also care for their customers, and that should be commended.

To anyone who is concerned about PCI Compliance, it can be an overwhelming concern. Don't just shrug this off as a millennium bug, but please reach out to one of us in the X-Cart community for clarification, and assurance. We are here to help you.

I have a client that was improperly scoped for PCI before they became our client, and we discovered yesterday that they have been paying a monthly penalty since 2008 for non-compliance. This isn't a game, and the folks who handle cc processing are serious.

So far, I have only seen 5 solutions for X-Cart.

1. X-Payments
2. BCS Engineering's DPM Module
3. CRE Secure
4. Our modal box gateway.
5. A separate hosted payment page.

If you do any conversion analysis, you know that the numbers are staggering when it comes to Number 5, where you have to enter cc info after the checkout page on a different site after checkout. Let's face it, people are skittish, and anything that might cause the slightest suspicion in security can result in loss of sales.

My point is that everyone needs to think about their customers, and whatever method is both PCI Compliant, and gives your customers ease of use combined with peace of mind.. That should ultimately help your decision in what to do by July 01 2012. I like our method because the payment processor not only met our clients rates, but in most cases beat the rates they have been paying.. I think offering it for free is a good way to contribute to the solution. The only thing is, you would need to switch your payment processor.. After the switch though, you would pay the same or less than you are paying now.

[ambal]

Joel,

> 2. The X-Cart installation is out of scope for PCI and PA DSS
> Compliance - meaning that you do not need to have your website or web
> server validated. This is because technically, credit card info only
> "looks" like it is being entered into X-Cart via a modal box, but in
> fact it is being entered into a PCI DSS validated middleware. This is a
> great solution for any size X-Cart site, but especially for small sites
> that are on shared hosting accounts.

Please let us know when you have your modal box mod PA-DSS certified and listed on the PCI Council web-site.

[gb2world]

There is another solution for x-cart with Braintree:
http://forum.x-cart.com/showthread.php?t=57662
http://www.x-cart.com/braintree.html

---

[balinor]

Interesting Joel, keep us posted.

[joelrhome]

Quote:

Please let us know when you have your modal box mod PA-DSS certified and listed on the PCI Council web-site.

It is already listed on the PCI Council website as payment middleware, not as a modal box. We are just working out the details in integrating it with X-Cart.

[ambal]

Joel, oh, cool. May I learn name of the middleware you are referring to?

[yowstar]

We purchase X-cart a years ago and we are now ready to launch our website. After many years of giving away to Amazon ebay and other some of our profits. They will still get some but the aim is to cut down on the amount they get

I looking for suggestion on hosting environments ones that are PCI compliant, and will work with X-Payment. we want to get off the ground running making sure all angles are covered.

So far I have looked at

hands-on web hosting
hardhat hosting
EWD hosting
X-Cart hosting

One more thing I am also looking for suggestion on alternative to channel advisors we use them to syn our inventory across several market place. Amazon eBay sear and others. Now that we will be using X-cart would like a platform that does include X-Cart as They don't support x Cart

thanks in advanced for your suggestions

[Duramax 6.6L]

I use Hands on and have had very good luck with them.

[joelrhome]

The Payment Processor we are making this mod for is Accelerated Payment Technologies. http://acceleratedpay.com/ Their middleware product is called X-Charge. It is on the PCI Complaince Validated list right before X-Payments. Our solution will be to use X-Charge in an iframe that is loaded into a modal after checkout, which takes X-Cart out of scope. Authorize.net's DPM is still questionable to me, since the form is being served by X-Cart. The post is being handled by Auth.net, which is good, but I have read it is questionable making DPM not pass for some, while it will for others. We considered this, but it was not an option when we found that out.. I wouldn't want it to be ok for some and not others.. The variable would be the payment processor's choice of PCI scanning company.. too many variables.

We are almost finished with the certification then our customers will be changing to the new processor. I really would like to make this module available as an option for X-Cart users for free, and again the only stipulation is that they will need to go through us to change Payment processors. I should have more information within the next few weeks. I hope this helps. I would also welcome anyone's suggestions on how to make this available to X-Cart users other than this thread.. Thanks!!

By the way, the other question... Hard Hat Hosting ROCKS!!!

[klinetim]

Quote:

Originally Posted by joelrhome

... I really would like to make this module available as an option for X-Cart users for free, and again the only stipulation is that they will need to go through us to change Payment processors. I should have more information within the next few weeks. I hope this helps. I would also welcome anyone's suggestions on how to make this available to X-Cart users other than this thread.. Thanks!!

This sounds very good - please add me to your mailing list - also - i've been to your site - will you be making this available for more than one payment gateway? Thanks!