Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls

X-Payments 1.0 beta testing

 
Reply
   X-Cart forums > News and Announcements
 
Thread Tools
  #11  
Old 03-24-2010, 04:09 AM
  zorg's Avatar 
zorg zorg is offline
 

X-Cart team
  
Join Date: Sep 2002
Posts: 22
 

Default Re: X-Payments 1.0 beta testing

Thank you all for your interest in X-Payments application. My name is Yury Zaytsev, I'm CTO at Qualiteam, though haven't been posting much to X-Cart forums previously.

Quote:
Originally Posted by balinor
Just to reiterate once again, this module needs to be available for 4.0, 4.1 and 4.2 or you will have THOUSANDS of very unhappy clients.

Just to make it clear, X-Payments 1.0 will be released along with a mod for X-Cart 4.3.

Depending on your needs we'll also prepare guidelines and patches on using X-Payments with other X-Cart versions, LiteCommerce and other open source e-commerce software.

The important thing to note is that X-Payments is intended only for the minor part of merchants who want to go through the complete process of PCI-DSS certification. X-Payments, thanks to the PA-DSS compliance, will make it easier for the merchants.

The major part of online stores currently operating could be configured to actually become out of the scope of PCI-DSS certification (in this case a store should not store, process or transfer cardholder data). Guidelines on configuring X-Cart in this manner can be found at http://help.qtmsoft.com/index.php?title=X-Cart:User_manual_contents (see "Configuring X-Cart to meet PCI DSS").

Thank you for the cooperation, and feel free to contact me for further clarification.
__________________
Yury Zaytsev
CQO
www.x-cart.com
Reply With Quote
  #12  
Old 03-24-2010, 08:33 AM
 
gravel gravel is offline
 

Senior Member
  
Join Date: Mar 2004
Posts: 156
 

Default Re: X-Payments 1.0 beta testing

Quote:
Originally Posted by zorg
The major part of online stores currently operating could be configured to actually become out of the scope of PCI-DSS certification (in this case a store should not store, process or transfer cardholder data). Guidelines on configuring X-Cart in this manner can be found at http://help.qtmsoft.com/index.php?title=X-Cart:User_manual_contents (see "Configuring X-Cart to meet PCI DSS").
Thank you Yury for finally commenting on this important question. In the part of the manual you point to, it says:

Quote:
Disable background payment methods

With a background payment method, customers input their credit card data on the side of X-Cart at the final step of checkout. Since X-Cart itself is taken out of PCI DSS scope and does not comply to PCI DSS requirements, you must disable all background payment methods in your store. This does not really mean that you will not be able to use background payment methods to accept payments online: an interface to use such methods is now fully supported by X-Payments, which is PA-DSS compliant.

What this says is that anyone using, for instance, Authorize.net AIM, which is indeed a background method, would have to use X-Payments. Do you really think that such installations are in the minority? Don't the vast majority of shops prefer to NOT have their customers go off-site during checkout (as happens with, for instance, Authorize.net SIM)? Isn't that why there is so much clamor for X-Payments to be released - and for older versions of X-Cart?

The you say:
Quote:
Depending on your needs we'll also prepare guidelines and patches on using X-Payments with other X-Cart versions, LiteCommerce and other open source e-commerce software.

Really? "Depending on your needs"...!? How could you not understand that many, many X-Cart users NEED a suitable version of X-Payments?

With all due respect, I think you do not know your customer base very well.

I am confident that I speak for many X-Cart users: Please make releasing X-Payments for ALL versions a top priority.
__________________
X-Cart version 4.0.17
X-Cart version 4.0.18
Web servers = Apache
OS = Linux
Reply With Quote

The following 6 users thank gravel for this useful post:
am2003 (03-24-2010), Asiaplay (03-25-2010), exsecror (03-24-2010), gb2world (03-24-2010), hramani (03-24-2010), icnjan (04-12-2010)
  #13  
Old 03-24-2010, 02:02 PM
 
Viejo Viejo is offline
 

Advanced Member
  
Join Date: Sep 2006
Location: San Diego area
Posts: 34
 

Default Re: X-Payments 1.0 beta testing

We'd like to participate in the beta testing. We have 2 new 4.3.x sites up or going up. I'm also hopeful you'll have x-payments certified for at least 4.1.x and 4.2.x.
__________________
Versions 4.3.1 - 4.5
Reply With Quote
  #14  
Old 03-24-2010, 04:04 PM
 
Duramax 6.6L Duramax 6.6L is offline
 

X-Adept
  
Join Date: Dec 2006
Posts: 865
 

Default Re: X-Payments 1.0 beta testing

I have been waiting for x-payments to be released. Please include me in the beta testing.
__________________
Xcart 5.1.6 Building New Store
Xcart4.6.4 Gold Plus
Xcart 4.6.4 Platinum
Smart Template,
Mail Chimp Upgrade
Checkout One (One Page Checkout)
Checkout One X-Payments Connector
Checkout One Deluxe Tools
Call For Price
On Sale Module
Buy Together Module
MAP Price MOD
Reply With Quote
  #15  
Old 03-24-2010, 06:37 PM
 
necroflux necroflux is offline
 

Advanced Member
  
Join Date: Feb 2009
Posts: 47
 

Default Re: X-Payments 1.0 beta testing

Indeed the vast majority of X-cart users are using Authorize as a background payment process, and are still using 4.1 or 4.2. Let me second the fact that not programming this payment module to be compatible with these still heavily used versions would be a devastating oversight that would alienate a huge number of your customers once the PA-DSS compliance deadline passes.

I would go as far to say that it is your responsibility as a company to ensure that to a certain degree all widely used versions of your software receive a working payment module that is PA-DSS compliant.
__________________
-----------------
X-cart version 4.2.1
Reply With Quote
  #16  
Old 03-24-2010, 11:16 PM
  SamsonWebDesign's Avatar 
SamsonWebDesign SamsonWebDesign is offline
 

Senior Member
  
Join Date: Oct 2008
Location: East Sussex, UK
Posts: 101
 

Default Re: X-Payments 1.0 beta testing

I'd like to test this also.
We currently only have 3 customers on 4.3 and a LOT on the 4.1 and 4.2 strains so it would be good to have is compatible with these too as echoed in this thread.
__________________
Versions 4.1.11 to 4.6.4 ... when will the new versions end!

Custom X-Cart driven e-commerce sites, skins and installations at www.samsonwebdesign.co.uk
Reply With Quote
  #17  
Old 03-25-2010, 06:01 AM
 
canuck canuck is offline
 

Advanced Member
  
Join Date: Oct 2007
Location: Ontario, Canada
Posts: 65
 

Default Re: X-Payments 1.0 beta testing

Quote:
Originally Posted by zorg
The important thing to note is that X-Payments is intended only for the minor part of merchants who want to go through the complete process of PCI-DSS certification. X-Payments, thanks to the PA-DSS compliance, will make it easier for the merchants.

The major part of online stores currently operating could be configured to actually become out of the scope of PCI-DSS certification (in this case a store should not store, process or transfer cardholder data). Guidelines on configuring X-Cart in this manner can be found at http://help.qtmsoft.com/index.php?title=X-Cart:User_manual_contents (see "Configuring X-Cart to meet PCI DSS").

I'm concerned and frankly stunned that the CTO of Qualiteam feels that most merchants are OK with having customers leave the site to make their payment, and that making the Xpayments available for anything less than 4.3 will be an afterthought.

For the last 6-9 months, I've been watching threads about this magical payment module, XCart V5, then 4.2, 4.3, etc. There seems to be VERY little actual information available about X-Payments and how it would work with each payment gateway. I've even tried to get this information directly through Qualiteam's support desk with nothing but vague answers.

I'm watching threads about people having trouble with Paypal and a number of other issues with 4.3 which is why I'm sure MANY people including me, are avoiding an upgrade. I was hoping finally a nice one-page checkout would have been in the works too but apparently not.

This post was very revealing and at the same time disheartening. I'm not sure about the other customers out there but I'm desperately in need of some better information, fast!
__________________
X-Cart Gold 4.1.10
AARtech Canada
Reply With Quote
  #18  
Old 03-25-2010, 07:37 AM
  zorg's Avatar 
zorg zorg is offline
 

X-Cart team
  
Join Date: Sep 2002
Posts: 22
 

Default Re: X-Payments 1.0 beta testing

Quote:
Originally Posted by canuck
I'm concerned and frankly stunned that the CTO of Qualiteam feels that most merchants are OK with having customers leave the site to make their payment

By taking PCI-DSS into effect in July 2010 VISA is giving merchants only 2 options:

1) configure their stores so that they wouldn't store, process or transmit cardholder data, by using web-based payment gateways.

or (if a merchant wants to be responsible for the safety of credit card data):

2) become PCI-DSS certified.

I do believe the first option, being many times easier and cheaper, should be considered by the most of merchants. That's a typical practice anyway.

By choosing the second option a merchant is obliged to comply with strict PCI-DSS standard requiring him to set up a quite complicated environment where cardholder data could be stored or processed safely (i.e. http://help.qtmsoft.com/index.php?title=File:Xpayments_dataflow.png), and then go through the certification process.

By delivering X-Payments, PA-DSS certified solution, we'll be happy to serve merchants who would select the second option.
__________________
Yury Zaytsev
CQO
www.x-cart.com
Reply With Quote
  #19  
Old 03-25-2010, 08:24 AM
 
exsecror exsecror is offline
 

X-Wizard
  
Join Date: Apr 2007
Posts: 1,284
 

Default Re: X-Payments 1.0 beta testing

Quote:
Originally Posted by zorg
By taking PCI-DSS into effect in July 2010 VISA is giving merchants only 2 options:

1) configure their stores so that they wouldn't store, process or transmit cardholder data, by using web-based payment gateways.

or (if a merchant wants to be responsible for the safety of credit card data):

2) become PCI-DSS certified.

I do believe the first option, being many times easier and cheaper, should be considered by the most of merchants. That's a typical practice anyway.

By choosing the second option a merchant is obliged to comply with strict PCI-DSS standard requiring him to set up a quite complicated environment where cardholder data could be stored or processed safely (i.e. http://help.qtmsoft.com/index.php?title=File:Xpayments_dataflow.png), and then go through the certification process.

By delivering X-Payments, PA-DSS certified solution, we'll be happy to serve merchants who would select the second option.

It may be in your best interests to also support Payment gateways that take the whole processing out entirely but without requiring the customer to go offsite such as Braintree's Transparent Gateway. For many merchants including us it is not an acceptable or viable solution to have our customers redirect off-site (we do thousands of transactions a week). I also do not want to have to be forced to invest unnecessary funds in a completely separate box for a program that may or may not work (plus I don't trust encrypted code because it's security and stability cannot be audited effectively). Nor do I want to deal with the fact that if the program happens to break due to poor QA testing of having downtime till a engineer looks at which would be a problem anyway because I don't allow unauthorized personnel access to our facilities or servers. Granted right now until I transition us over to Braintree we are out of scope since I re-wrote X-Cart's payment core to forcefully truncate the credit card numbers in compliance with PCI but that's something I can't keep doing, hence the Braintree transition.
Reply With Quote
  #20  
Old 03-25-2010, 09:05 AM
 
hyper1 hyper1 is offline
 

Advanced Member
  
Join Date: Jun 2008
Posts: 52
 

Default Re: X-Payments 1.0 beta testing

After months of deceitful thread responses and answering questions in a way that never obligates x-cart to provide a fully functional payment option for pci compliance, I am at least happy to see the CTO finally state they have no intention of meeting our requirements. It has finally forced us to realize we must choose to spend a lot of money to upgrade to an interim solution (v4.3), which has little or no benefits over 4.1.x, or leave. The latter option is looking much better than it did before the CTO response. It took months, but it is finally clear. Thanks
__________________
Tim
x-cart pro 4.1.11, x-AOM, CDSEO, css layout - no tables (almost), free social bookmarking mod (xcartmod.co.uk - thanks), altered cart On Sale, One Page Checkout and Smart Search (all amazing products), Custom Code from CFL (the best), Hands-On Hosting for live site
Reply With Quote
Reply
   X-Cart forums > News and Announcements


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 05:29 AM.

   

 
X-Cart forums © 2001-2020