
PCI-DSS compliance or PCI/PA-DSS Compliant

 
#1 Dmitri Z (Member), 02-13-2012, 10:23 PM

Hi,

I need a little help understanding the difference between PCI-DSS Compliant and PCI/PA-DSS Compliant (X-Cart Gold or X-Cart Gold + X-Payments).

If I want to process credit card payments on my web store pages (customers never leave my website during the purchase) and I want to use Authorize.Net: AIM (Advanced Integration Method), do I require PCI/PA-DSS compliance?

And what will a PCI-DSS-only compliant card payment process look like? Do customers have to leave my website during the purchase in this case?

Thank You,
Dmitri
__________________
X-Cart Gold v4.4.5

#2 exsecror (X-Wizard), 02-14-2012, 05:52 AM

PA-DSS compliance is required to conduct credit card transactions online if you use a method or system where the credit card information passes through the web appliance server (e.g. AuthorizeNet AIM). This means you would have to purchase X-Payments. Another option would be to use BCSE's AuthorizeNet: DPM module, which cuts out the PA-DSS scope and eliminates the cost of X-Payments.

PCI-DSS is more about making sure the server and the web appliance are secure, whereas PA-DSS deals with the fact that the payment mechanism is certified for credit card handling.

#3 Ene (X-Cart team), 02-14-2012, 06:28 AM

Quote:
Originally Posted by exsecror
PA-DSS compliance is required to conduct credit card transactions online if you use a method or system where the credit card information passes through the web appliance server (e.g. AuthorizeNet AIM). This means you would have to purchase X-Payments. Another option would be to use BCSE's AuthorizeNet: DPM module, which cuts out the PA-DSS scope and eliminates the cost of X-Payments.

PCI-DSS is more about making sure the server and the web appliance are secure, whereas PA-DSS deals with the fact that the payment mechanism is certified for credit card handling.

The main difference is that PA-DSS applies to software vendors and PCI-DSS applies to merchants.


Quote:
If I want to process credit card payments on my web store pages (customers never leave my website during the purchase) and I want to use Authorize.Net: AIM (Advanced Integration Method), do I require PCI/PA-DSS compliance?

You have to be PCI-DSS compliant and use PA-DSS certified software.
__________________
Eugene Kaznacheev,
Evangelist/Product Manager at Ecwid: http://www.ecwid.com/ (since Sept 2009)

ex-Head of X-Cart Tech Support Department
ex- X-Cart Hosting Manager - X-Cart hosting
ex-X-Cart Technical Support Engineer


Note: For the official guaranteed tech support services please turn to the Customers HelpDesk.

#4 ambal (X-Cart team), 02-18-2012, 09:03 AM

I just want to note that BCSE's AuthorizeNet: DPM module is not PA-DSS certified. You should take that into account.
__________________
Sincerely yours,
Alex Mulin
VP of Business Development for X-Cart
X-Payments product manager

#5 totaltec (X-Guru), 02-18-2012, 11:15 AM

It's amazing that after all this time this issue is still so confusing. I have spent many hours poring over the different facets of PCI and PA-DSS compliance, and I still don't feel confident in my knowledge. Someone should write a book. :_)
__________________
Mike White - Now Accepting new clients and projects! Work with the best, get a US based development team for just $125 an hour. Call 1-502-773-6454, email mike at babymonkeystudios.com, or skype b8bym0nkey

#6 BritSteve (eXpert), 02-18-2012, 12:05 PM

The problem is that you are not meant to understand it.

It is just a way for the card issuers and banks to totally obscure what is required, so if you happen to be unfortunate enough to be hacked, then it won't cost them anything, you will have to foot the bill and they will effectively put you out of business.

We have seen a number of high-profile companies hacked, and with all their security resources, what hope do we have as a small business?

Steve
__________________
Version 4.1.8 & 4.1.9
ezcheckout4.1.x
cdseolinks2
product_metatags41x
shipping_per_product41x

http://www.earthsmagic.com

#7 totaltec (X-Guru), 02-18-2012, 03:23 PM

I tend to agree with you Steve. And while there are certainly preventative measures you can take, there is no such thing as complete safety from hackers.

Complying with Visa's rules should certainly be easier and more transparent.

#8 cflsystems (Veteran), 02-18-2012, 04:27 PM

The more you protect something, the more insecure it is. That's how people think and act.
Tell your kid - do not touch the stove, it is hot. You will end up treating a burn...
__________________
Steve Stoyanov
CFLSystems.com
Web Development

#9 Mr. G (eXpert), 05-17-2012, 08:35 PM

Quote:
Originally Posted by ambal
I just want to note that BCSE's AuthorizeNet: DPM module is not PA-DSS certified. You should take that into account.

My take is that it does not need that certification, just like any checkout mod (such as Altered Cart OPC) doesn't need it. Also, refer to http://forum.x-cart.com/showpost.php?p=312659&postcount=25
As that thread concludes, it is ultimately up to your bank to certify that your store is PCI-compliant, and then you get your certificate. Also: http://forum.x-cart.com/showpost.php?p=336830&postcount=6
__________________
4.7.6 Gold Plus
XCartMods.co.uk Ultra Template
X-Cart Abandoned Cart
BCSE PayPal DPM
CDSEO Pro 2.1.8
BCSE Drop Shipper Pro
Google Rich Snippets
Time and money-saving tips I've learned as a webstore owner at http://ShoppingCart-Program.com

#10 ambal (X-Cart team), 05-17-2012, 11:25 PM

Not true. Any software that touches credit card information somehow has to be PA-DSS certified.

All times are GMT -8.