X-Cart and PCI DSS / PA-DSS compliance

  #101  
Old 01-09-2010, 07:14 AM
 
geckoday geckoday is offline
 

X-Wizard
  
Join Date: Aug 2005
Posts: 1,073
 

Default Re: Summary So Far: X-Cart & PCI-DSS / PA-DSS compliance

Quote:
Originally Posted by Jarron
For customers who wish to avoid entering their credit card details on every transaction: I doubt it but I'll ask: Is it possible to simultaneously:
  • Avoid login to a 3rd party gateway (that stores the customer's credit card details instead of me) at checkout; and
  • Store the customer's credit card details for convenience at checkout; and
  • The clincher, avoid a Compliance Audit and all the hassle that goes with it?

This is possible with some gateways. Again, USAePay and Network Merchants both will allow this. Both support a customer database/vault that can have card numbers stored as part of the checkout process. As I mentioned before, the payment form can be served from your server and post to the gateway servers taking your server out of scope for PCI compliance. Both gateways will allow you to add a "save this card for future use" checkbox to the payment form. Both gateways have a reporting/query API that allows you to find out what cards a customer has stored, the card type (VISA, MC, etc.) and the last 4 digits of the card number so you can present that to the customer to choose from. Both allow you to submit transactions using a token identifying the payment method instead of a credit card number.

The downside is that most gateways charge an extra monthly fee and per transaction charges for using their customer database/vault. I haven't priced USAePay but Network Merchants typically runs $10/month and $0.05 or $0.06 per vault transaction.
__________________
Manuka Bay Company
X-Cart Version 4.0.19 [Linux]

UGG Boots and other fine sheepskin products
http://www.snowriver.com
  #102  
Old 01-09-2010, 07:54 AM
cflsystems cflsystems is offline
 

Veteran
  
Join Date: Apr 2007
Posts: 14,190
 

Default Re: X-Cart and PCI-DSS / PA-DSS compliance

Hi Ralph, if you don't mind me asking this (also hope it is part of the thread scope): I use Quantum Gateway and they have this http://www.quantumgateway.com/developer.php (look at the Integration APIs/In Line Frame APIs), this is the documentation - http://www.quantumgateway.com/files/ILF_API.pdf. Is this what you are talking about? In your experience how customizable this is - will it look on the site as it is not part of the site (talking about position of elements, organization....)? I got a quote from QT for integration and just want to know if it's worth paying them to write the module.
__________________
Steve Stoyanov
CFLSystems.com
Web Development
  #103  
Old 01-11-2010, 02:52 AM
 
kulture kulture is offline
 

X-Man
  
Join Date: Feb 2005
Location: Norwich UK
Posts: 2,085
 

Default Re: X-Cart and PCI-DSS / PA-DSS compliance

The real question is can a merchant who is SAQ C (which I suspect is the vast majority here) continue to use older versions of xcart or any version of Litecommerce, and if so under what circumstances (third party gateway, off site processing or direct on site processing)
__________________
Richard
Ex Litecommerce 2.2.35
www.kultureshock.co.uk
  #104  
Old 01-12-2010, 12:56 PM
 
kulture kulture is offline
 

X-Man
  
Join Date: Feb 2005
Location: Norwich UK
Posts: 2,085
 

Default Re: X-Cart and PCI-DSS / PA-DSS compliance

I guess that this company can solve the PCI problem for xcart users in the USA

http://www.cresecure.com/
__________________
Richard
Ex Litecommerce 2.2.35
www.kultureshock.co.uk
  #105  
Old 01-12-2010, 01:30 PM
 
koz koz is offline
 

Advanced Member
  
Join Date: Nov 2006
Posts: 88
 

Default Re: X-Cart and PCI-DSS / PA-DSS compliance

Quote:
Originally Posted by kulture
I guess that this company can solve the PCI problem for xcart users in the USA

http://www.cresecure.com/


This is something I'd definitely consider for my stores... assuming that I'm able to keep the one page checkout and it doesn't interfere too much with the checkout process.
__________________
Version 4.4.3 & 4.2.2
FreeBSD
P4 3.2 4 gig ram 300 gig SATA
  #106  
Old 01-12-2010, 03:13 PM
 
kulture kulture is offline
 

X-Man
  
Join Date: Feb 2005
Location: Norwich UK
Posts: 2,085
 

Default Re: X-Cart and PCI-DSS / PA-DSS compliance

Well, they have not developed it yet! They say "coming soon" but I note that xcart is at the top of their list.
__________________
Richard
Ex Litecommerce 2.2.35
www.kultureshock.co.uk
  #107  
Old 01-12-2010, 05:01 PM
 
Duramax 6.6L Duramax 6.6L is offline
 

X-Adept
  
Join Date: Dec 2006
Posts: 865
 

Default Re: X-Cart and PCI-DSS / PA-DSS compliance

Quote:
Originally Posted by kulture
I guess that this company can solve the PCI problem for xcart users in the USA

http://www.cresecure.com/

Isn't this what x-payments is going to do basically.

Hope it is ready soon.
__________________
Xcart 5.1.6 Building New Store
Xcart4.6.4 Gold Plus
Xcart 4.6.4 Platinum
Smart Template,
Mail Chimp Upgrade
Checkout One (One Page Checkout)
Checkout One X-Payments Connector
Checkout One Deluxe Tools
Call For Price
On Sale Module
Buy Together Module
MAP Price MOD
  #108  
Old 01-12-2010, 09:19 PM
xplorer xplorer is offline
 

X-Cart team
  
Join Date: Jul 2004
Posts: 925
 

Default Re: X-Cart and PCI-DSS / PA-DSS compliance

Quote:
Originally Posted by kulture
I guess that this company can solve the PCI problem for xcart users in the USA

http://www.cresecure.com/

It is almost the same as what X-Payments does:
http://www.cresecure.com/pages.php?CDpath=4

The only difference is that with X-Payments the payment form is on a merchant's website, not on our servers
  #109  
Old 01-12-2010, 10:21 PM
 
Asiaplay Asiaplay is offline
 

X-Wizard
  
Join Date: Oct 2005
Posts: 1,242
 

Default Re: X-Cart and PCI-DSS / PA-DSS compliance

Quote:
Originally Posted by xplorer
It is almost the same as what X-Payments does:
http://www.cresecure.com/pages.php?CDpath=4

The only difference is that with X-Payments the payment form is on a merchant's website, not on our servers

Hi Xplorer,

I am wondering if you have a list of payment gateways that x-payments will work for, allowing for integration of a one page checkout?
e.g. will worldpay or asiapay etc. allow for a one page checkout on the merchant's server, using x-payments?

Which payment gateways will x-payment actually work for?

Thanks again, Asiaplay
__________________
X-Cart Gold version 4.1.9
(plus built in X-Cart bugs!)
  #110  
Old 01-13-2010, 06:47 AM
 
geckoday geckoday is offline
 

X-Wizard
  
Join Date: Aug 2005
Posts: 1,073
 

Default Re: X-Cart and PCI-DSS / PA-DSS compliance

Quote:
Originally Posted by cflsystems
Hi Ralph, if you don't mind me asking this (also hope it is part of the thread scope): I use Quantum Gateway and they have this http://www.quantumgateway.com/developer.php (look at the Integration APIs/In Line Frame APIs), this is the documentation - http://www.quantumgateway.com/files/ILF_API.pdf. Is this what you are talking about? In your experience how customizable this is - will it look on the site as it is not part of the site (talking about position of elements, organization....)? I got a quote from QT for integration and just want to know if it's worth paying them to write the module.

This is similar to what I am doing but not the same. Instead of hosting the payment page on your server like I do, with this solution Quantum hosts the payment page but it is loaded in an iframe on your checkout page. This can be done with most gateway hosted payment pages but Quantum has developed a specific API for doing it this way. They've added some better security over the typical hosted page and a session keep-alive to prevent timeouts during checkout. I don't have a Quantum account to play with to fully understand how integrated it can look but it sounds like it should end up pretty transparent. As long as the Quantum page can be stripped down to just the entry fields for the card information the iframe will look just like any other part of your page. I'd ask Quantum for a demo site or another customer's site to look at before you pony up for it.

I find hosting the payment form on my server and posting to the gateway cleaner. The iframe approach adds some overhead and some people have an aversion to iframing things on a page.
__________________
Manuka Bay Company
X-Cart Version 4.0.19 [Linux]

UGG Boots and other fine sheepskin products
http://www.snowriver.com
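
The two integration models geckoday describes in this thread (a merchant-served form that posts to the gateway, and a gateway-hosted page loaded in an iframe) can be told apart from a checkout page's HTML. The following is an added example, not code from the thread, X-Cart or any gateway; the gateway hostname and the card field names are placeholders assumed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Placeholders assumed for this sketch, not taken from any gateway's documentation.
GATEWAY_HOSTS = {"secure.gateway.example"}
CARD_FIELDS = {"ccnumber", "ccexp", "cvv"}

def on_gateway(url):
    """True only for an absolute https URL on an allow-listed gateway host."""
    parts = urlparse(url or "")
    return parts.scheme == "https" and parts.hostname in GATEWAY_HOSTS

class CheckoutAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.action = None    # action of the open <form>, None outside a form
        self.card_posts = []  # (field name, form action) pairs
        self.frames = []      # iframe src values

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action = a.get("action") or ""
        elif tag == "iframe":
            self.frames.append(a.get("src") or "")
        elif tag == "input" and (a.get("name") or "").lower() in CARD_FIELDS:
            # No form, or an empty action, means the field submits to the page itself.
            self.card_posts.append((a["name"], self.action or ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self.action = None

def classify(html):
    """Return (model, findings) for one checkout page's HTML."""
    audit = CheckoutAudit()
    audit.feed(html)
    bad = [f"{name} posts to {action or 'the page itself'}"
           for name, action in audit.card_posts if not on_gateway(action)]
    if bad:
        return "card-fields-post-elsewhere", bad
    if audit.card_posts:
        return "direct-post", []
    if any(on_gateway(src) for src in audit.frames):
        return "gateway-iframe", []
    return "no-card-entry", []

# Constructed sample page: form served by the merchant, submitted to the gateway.
SAMPLE = '<form action="https://secure.gateway.example/pay"><input name="ccnumber"></form>'
print(classify(SAMPLE))
```

A page classified as `card-fields-post-elsewhere` has a card field whose form submits to a relative URL, a non-https URL, or a host outside the allow-list, which is the case both models in the thread are meant to avoid.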