
X-Cart and PCI DSS / PA-DSS compliance
 
#171
04-28-2010, 09:57 AM
ManFromDet
Senior Member
Join Date: Jun 2003
Posts: 125

Re: X-Cart and PCI-DSS / PA-DSS compliance

Add Network Merchants Inc. to the list: https://www.nmi.com/

I just confirmed that they simulate Authorize.net SIM; I'm using them for Authorize.net AIM gateway emulation. They offer a hosted page that can be altered to match your website / shopping cart.
__________________
X-Cart version 4.4.2 <- preparing to launch
Mod: BCS Eng. Advanced Filter

#172
04-29-2010, 09:31 AM
icnjan
Advanced Member
Join Date: Nov 2004
Location: Wine Country, California
Posts: 80

Re: X-Cart and PCI-DSS / PA-DSS compliance

Quote:
Originally Posted by BCSE
We have been researching many and find these to be popular and also well configurable:

-Authorize.net SIM
-Payflow Link
-CyberSource (Hosted)

Carrie

Thanks Carrie! I am working with the Authorize.net SIM now as a backup plan - their 255 header and footer html text limit is frustrating - I guess I need to look further into "including a style sheet in the transaction request"!

Quote:
Originally Posted by lbs_09
For Canadians I recommend:

Elavon / Virtual Merchant
Moneris / sSelectPlus


I use virtual merchant now to keep the charges within the store framework but this is not a "hosted payment gateway" solution that will need to be implemented end of June if x-payments is not available.

Thanks! Janice
__________________
X-Cart Version 4.1.12
Dedicated server

#173
05-12-2010, 02:02 PM
bkluth
Senior Member
Join Date: May 2003
Posts: 119

Re: X-Cart and PCI-DSS / PA-DSS compliance

Wow, a lot of information to absorb here. I've now read this whole thread (and a few others) 2 or 3 times over. Thanks to everyone for trying to clear things up for others.

I have a few questions. Thanks in advance for any answers!

I have multiple Xcart versions running from 4.0.13 to 4.2.0.
I am planning the following tasks:

1 - upgrade servers to PHP v5.3
2 - patch Xcarts to run on PHP v5.3 (do patches exist for this?) (is this something QT can do for me?)
3 - have Xpayments installed on each (I think $75/ea was posted by QT)
4 - advise and assist all Xcart users to switch to some payment gateway (preferably not offsite)

I assume that this will make all the sites compliant, insofar as Xcart is concerned. Right?

If all this is done, will the sites still be required to have the PCI Compliancy Scanning performed quarterly? Or would that go away due to the sites no longer processing/transmitting/storing CC data?

Am I missing anything here?
__________________
www.dramaticvisions.com

#174
05-15-2010, 07:15 AM
a1deano
X-Adept
Join Date: Oct 2004
Posts: 745

Re: X-Cart and PCI-DSS / PA-DSS compliance

May I ask, as I am not that clued up on this stuff: I am thinking of moving host to uk secure web hosting. Their Ecommerce SSL Hosting package is PCI DSS Compliance; does this mean if I move over to them then I will be covered for accepting credit cards etc. on my store?

At present I use PayPal Standard, which isn't a very good idea as customers leave my store to pay, but I am thinking of upgrading my store so customers stay on my site to pay. So does this mean I'd be covered if I change hosting to uk secure web hosting?

Thanks for any advice.
__________________
--------------
V4.6.1
xcartmods - Reboot Template

X-cart - X-PDF

Altered Cart - Checkout one

#175
05-19-2010, 07:44 AM
a1deano
X-Adept
Join Date: Oct 2004
Posts: 745

Re: X-Cart and PCI-DSS / PA-DSS compliance

Well, I've contacted "uk secure web hosting" twice now and they haven't replied. I know they are receiving my messages because they replied back when I sent them an SMTP update for O2. Hmmmmmmm
Looks like they don't want the business!!
__________________
--------------
V4.6.1
xcartmods - Reboot Template

X-cart - X-PDF

Altered Cart - Checkout one

#176
05-19-2010, 09:00 AM
photo
X-Wizard
Join Date: Feb 2006
Location: UK
Posts: 1,146

Re: X-Cart and PCI-DSS / PA-DSS compliance

Quote:
Originally Posted by a1deano
Well, I've contacted "uk secure web hosting" twice now and they haven't replied. I know they are receiving my messages because they replied back when I sent them an SMTP update for O2. Hmmmmmmm
Looks like they don't want the business!!

Have you talked with Emerson over at EWD Hosting?
__________________
v4.1.10
In Dev v4.5.x


"If you don't keep an eye on your business, someone else will."

#177
05-19-2010, 09:30 AM
a1deano
X-Adept
Join Date: Oct 2004
Posts: 745

Re: X-Cart and PCI-DSS / PA-DSS compliance

I did look at their hosting package; unfortunately, as I am in the UK, their price is $45 for UK hosting and that's over double what I am paying now. Thanks for the info, though.
__________________
--------------
V4.6.1
xcartmods - Reboot Template

X-cart - X-PDF

Altered Cart - Checkout one

#178
05-22-2010, 03:24 PM
cautious
Advanced Member
Join Date: Oct 2003
Location: FL, US
Posts: 64

Re: X-Cart and PCI-DSS / PA-DSS compliance

Quote:
Originally Posted by a1deano
May I ask, as I am not that clued up on this stuff: I am thinking of moving host to uk secure web hosting. Their Ecommerce SSL Hosting package is PCI DSS Compliance; does this mean if I move over to them then I will be covered for accepting credit cards etc. on my store?

At present I use PayPal Standard, which isn't a very good idea as customers leave my store to pay, but I am thinking of upgrading my store so customers stay on my site to pay. So does this mean I'd be covered if I change hosting to uk secure web hosting?

Thanks for any advice.

Just to clarify: are you worried that customers leaving your site to pay at PayPal will make you less PCI compliant? In another way, are you thinking if customers stay on your site to pay this would enhance your PCI compliance?

I hope the answers to both are not yes, yes.

We often forget that in reality, the only time a customer "stays" on one's site to pay is when they use the store's gift certificates, money order, or check. With all other methods, they "leave" the store to pay. The issue is whether it is shown to the customer that they are leaving, and whether we collect the info and help transfer it instead of them actually entering the info at the external site. So even if you use authorize.net, the customer's data has to leave your site to authorize.net for the payment to occur. The only quick difference here with PayPal standard is that you help transfer the customer info to authorize.net "silently" whereas the customer is involved with the transfer for PayPal.

In fact, one could argue that the PayPal system, like Google Checkout, is more secure for both the merchant and the customer overall. Because the customer has to log in to her PayPal account to approve (pay) or not approve the payment, the PayPal system gives a layer of security similar to VISA verified. Even better, if integrated normally by the merchant, PayPal Standard, PayPal Express and Google Checkout all have the advantage that the actual account# (e.g. Credit/Debit card number plus CVV, or Bank account # in the case of PayPal) is never seen nor saved by the merchant.

The net effect of this is that the customer's sensitive payment data is saved in only one place (maybe two places if she uses PayPal and Google Checkout) rather than on every merchant database where she shops, including at authorize.net, and all the other gateways. As we advise security-conscious customers, this is one of the situations where it is a good thing to put one's eggs in a single basket (or two at most), instead of having sensitive data all over the place at each merchant; it is the way to avoid multiple points of failure leading to more frequent data compromise.
__________________
Recommend www.paintball-gear-supplies.com for good deals on camping & outdoor supplies.
x-cart v4.1.10 on LAMP

#179
05-23-2010, 12:58 AM
a1deano
X-Adept
Join Date: Oct 2004
Posts: 745

Re: X-Cart and PCI-DSS / PA-DSS compliance

I need to be PCI compliant as I am moving over to Barclays ePDQ, and with this new compliance thing in June I must sort out the 2 errors that the McAfee PCI scan picked up on.

I use PayPal Standard at present, but as most people state on the forum, it's not very professional, customers leaving your site to pay. By me moving over to Barclays they are actually offering a better rate than PayPal Pro, but even if I chose this method I'd still need to be PCI compliant.
I've just installed a new SSL certificate, in my eyes a better one, clickable so customers can check. I am trying to do everything to be secure; even if I didn't need to be compliant, it's always good to find any vulnerabilities and get them addressed for peace of mind for you and your customers...
__________________
--------------
V4.6.1
xcartmods - Reboot Template

X-cart - X-PDF

Altered Cart - Checkout one

#180
05-23-2010, 06:25 AM
cflsystems
Veteran
Join Date: Apr 2007
Posts: 13,539

Re: X-Cart and PCI-DSS / PA-DSS compliance

Actually, paying with PayPal I would expect to be taken to the PayPal site for payment; I am used to it, so I don't think this is unprofessional. Paying with CC - I would think twice if the URL changes and I am taken to some other place I am unfamiliar with.
__________________
Steve Stoyanov
CFLSystems.com
Web Development
All times are GMT -8.

   

 
X-Cart forums © 2001-2018