| ||||||||||
Shopping cart software Solutions for online shops and malls | ||||||||||
|
#41
|
|||||||
|
|||||||
Re: X-Payments 1.0 beta testing
Quote:
Appreciate you coming to clear things up, and please stick around/answer questions often as this is a confusing and very serious matter. Quote:
That flies in the face of just about everything I've read about PA-DSS - including the following excerpt from page 5 of the "PCI PA-DSS Requirements and Security Assessment Procedures v.1.2.1" at https://www.pcisecuritystandards.org/pdfs/pci_pa_dss.pdf" The PA-DSS applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where these payment applications are sold, distributed, or licensed to third parties. Am I reading this incorrectly?
__________________
----------------- X-cart version 4.2.1 |
|||||||
|
#42
|
|||||||
|
|||||||
Re: X-Payments 1.0 beta testing
Quote:
According to the VISA PA-DSS 7/1/2010 mandate : "Acquirers must ensure their merchants, VNPs and agents use only PA-DSS compliant applications" It says nothing about it applying only if you store credit card numbers. PA-DSS applies if you store, process OR transmit credit card numbers. The emphasis is on the OR. All of the background payment methods transmit credit card numbers therefore they must be PA-DSS certified by 7/1/2010 or merchants can't use them if they accept VISA cards. AFAIK this is a US merchant only mandate at this time with other countries to follow over the next couple of years. See the VISA page on the PA-DSS mandate.
__________________
Manuka Bay Company X-Cart Version 4.0.19 [Linux] UGG Boots and other fine sheepskin products http://www.snowriver.com |
|||||||
|
#43
|
|||||||
|
|||||||
Re: X-Payments 1.0 beta testing
I've been using X-cart for several years (since 2003) and very much appreciate the software, short of this whole PA-DSS issue. Because QT hasn't been very clear about resolving PA-DSS, and the urgency just wasn’t there, I've since moved my web store to a competitor that is PA-DSS certified. (I made this move late last year.)
Once X-payments has been certified, and is considered a reliable, "bug-free" solution by the forum participants, I'd like to come back to X-cart and continue to use the platform. I've tried other solutions and believe X-cart is the most full featured cart out there. I've been reading these forums for months, anticipating making the switch back to X-cart, but the responses from QT regarding PA-DSS have been distressing. There doesn't seem to be a unified understanding of PA-DSS amongst QT, and QT doesn’t seem to be taking the matter very seriously. The most recent posts in this thread are just the latest examples. I’m confident I represent a significant amount of X-cart’s customers. At least I’m willing to come back and give X-cart another try – once this issue has been resolved to the satisfaction of X-cart’s core users – the forum participants. How many other vendors like me have just moved on and won’t be back? If QT doesn’t get PA-DSS right soon, this will hurt everyone involved – possibly beyond repair. Software is only as good as the trust, reputation, and support of the provider.
__________________
X-Cart version 4.4.2 <- preparing to launch Mod: BCS Eng. Advanced Filter |
|||||||
|
#44
|
|||||||
|
|||||||
Re: X-Payments 1.0 beta testing
Unbelievable. We have been talking about this for MONTHS and now you tell us that you don't even understand the guidelines? How can we expect you to develop a compliant system when you don't even understand the guidelines? I'll make it simple for you:
ANY online store using a background payment gateway (auth.net, Payflow Pro, etc) needs to use a PA-DSS compliant piece of software to transmit credit card data. X-Payments needs to make this happen for any 4.x cart using a payment gateway that does not send the customer to an external site to process the card. And just to reiterate, NO ONE WANTS TO SEND THEIR CUSTOMERS TO AN EXTERNAL SITE TO PROCESS CARDS! Now do you see why it is so important that this gets done YESTERDAY?
__________________
Padraic Ryan Ryan Design Studio Professional E-Commerce Development |
|||||||
|
#45
|
|||||||||
|
|||||||||
Re: X-Payments 1.0 beta testing
WOW. No wonder we're getting complaints from our users and questions on where to get an alternate cart. There is a mad scramble going no now to be compliant, and other carts are already there (and beyond with newer releases etc). This is a sad sad day for X-Cart and the developers as it's just one more nail in the coffin of the software and the choices for users to go to alternate shopping carts.
This needs to get in gear and be in production already!
__________________
Conor Treacy - Big Red SEO - @bigredseo Search Engine Optimization & Internet Marketing - We Bring Your Website Out Of Hiding! If you can't be found on Google, Bing or Yahoo, you pretty much don't exist on the Internet. Omaha SEO Office with National & Local SEO Services Hourly Consulting - great for SEO Disaster Recovery, Audits and DIY Guidance |
|||||||||
|
#46
|
|||||||
|
|||||||
Re: X-Payments 1.0 beta testing
Slightly off topic here, but if you take credit card orders by phone, fax or mail, then you fall into the scope of SAQ-D as you have the card numbers in your possession on paper.
Steve
__________________
Version 4.1.8 & 4.1.9 ezcheckout4.1.x cdseolinks2 product_metatags41x shipping_per_product41x http://www.earthsmagic.com |
|||||||
#47
|
|||||||
|
|||||||
Re: X-Payments 1.0 beta testing
Quote:
I'm at a loss for words.
__________________
~Michael~ a.k.a. PermaNoob V.4.4.3 *HELP!* Apache/Linux OS EWD Hosting VPS |
|||||||
#48
|
|||||||
|
|||||||
Re: X-Payments 1.0 beta testing
Quote:
Edit: You may be thinking of the case when you use a hosted payment page for SAQ A eligibility. Orders by phone, fax or email where you enter card numbers into your gateway web site will kill your SAQ A eligibility. Its somewhat debatable but most I have heard that most acquirers agree it will push you to SAQ C, not SAQ D.
__________________
Manuka Bay Company X-Cart Version 4.0.19 [Linux] UGG Boots and other fine sheepskin products http://www.snowriver.com |
|||||||
#49
|
|||||||
|
|||||||
Re: X-Payments 1.0 beta testing
Okay, so now that you've been exposed as being clueless as to the reality of the situation, can we have some candid, honest, realistic responses from Qualiteam? Can we get someone from Qualiteam to definitely say one of the following:
"Oh, wow, I can't believe we didn't know that! Okay, sure, we're going to get out X-Payment module out for all 4.x carts within a month to accommodate the vast majority of our current customer base." "Oh wow, I can't believe we didn't know that! Unfortunately we don't really have the time/organizational skills/manpower/ability to get this finished in time for you all, so you'd best start working on plan B while you still have time." No more BS Qualiteam.
__________________
----------------- X-cart version 4.2.1 |
|||||||
#50
|
|||||||
|
|||||||
Re: X-Payments 1.0 beta testing
Hello Ralph,
I have a couple questions for you. Do you know if the following 4.3 (and 4.2?) features are required to be compliant, and if so, will these requirements still be necessary with off-site processing? If so, and Qualiteam (or a 3rd party) does not plan on developing these features for prior versions, then we need to get on with 4.3 and/or other options. PCI DSS compliance options
Thanks
__________________
X-Cart Gold v4.6.6 |
|||||||
|
|||
X-Cart forums © 2001-2020
|