
X-Cart and PCI DSS / PA-DSS compliance

 
#41 - nuvo (Member) - 10-18-2009, 07:00 AM

Quote:
Originally Posted by geckoday
The PA-DSS compliant payment module has been moved out to January 2010. See http://www.x-cart.com/roadmap.html

You mean in 2-3 months' time, right? It's just a simple patch to upgrade from v4.3, correct?

Also, upgrade from v4.3 to v5 is just a database change from what I understand, correct?
__________________
X-Cart version 4.2.3
PHP 5.2.9 Details
MySQL server 5.1.30
Web server Apache/2.2.11
Linux
Addons: none
#42 - JWait (X-Man) - 10-18-2009, 09:28 AM

Quote:
Originally Posted by nuvo
You mean in 2-3 months' time, right? It's just a simple patch to upgrade from v4.3, correct?

Also, upgrade from v4.3 to v5 is just a database change from what I understand, correct?

Since v4.3 isn't due to be released until August, it doesn't really matter if it is a "simple patch" or not. Without PCI-DSS / PA-DSS compliance by July you will be "dead in the water" anyway.

I fail to understand why x-cart is not working on making their present versions of x-cart compliant, concentrating instead on making other version(s) which for all intents and purposes will not be ready by the mandated July, 2009 deadline for PCI-DSS / PA-DSS compliance.
__________________
Two Separate X-Cart Stores
Version 4.4.4 Gold - X-AOM - Vivid Dreams Aquamarine (modified) - Linux
Mods - Newest Products - View All -, and a few others. Numerous upgrades from 4.0.x series.
Integrated with Stone Edge Order Manager + POS

Version 4.1.12 Gold (fresh install) - X-AOM - Linux
Mods - XCSEO free
#43 - nuvo (Member) - 10-18-2009, 06:25 PM

Oh, I thought v4.3 is what I was using, since I have the latest version installed from last week, but I guess they're not on v4.3 yet, only v4.2.3.

Are you saying that the PA-DSS payment module that's supposed to be ready in a couple of months won't matter since it's a future feature for a future version that hasn't even been made yet? That doesn't make sense, I must be misunderstanding something?
#44 - nuvo (Member) - 10-18-2009, 06:34 PM

I think I'm going to just end up using a certified PA-DSS shopping cart etc. where I can use AIM and authorize/capture through the cart and not be out of compliance; Xcart just doesn't seem to be able to provide functionality and compliance yet. I thought SIM would be a great workaround, but the inability to capture funds in addition to the less smooth checkout process are really starting to discourage me from xcart and being able to use SIM.

Last edited by ambal : 10-19-2009 at 12:35 AM.
#45 - JWait (X-Man) - 10-19-2009, 05:49 AM

My bad. I read 4.3 was due to be released in August and didn't realize that was the beta version and it was 2009 and not 2010. V4.3 is (according to what I have read here in the forum) supposed to be the first version that has the PCI-DSS / PA-DSS compliant payment module, with a patch for earlier versions coming later (how much later I don't know). The module (from what I understand) will be encrypted, so it can not be "hacked" to get it to work in any way other than how it is designed to work. I understand, and agree that this is probably the best way to go. I just hope there is some alternative for those of us that do not plan on using x-cart to complete that transaction, but only to get the authorization on the card and do the capture of the funds elsewhere.
#46 - nuvo (Member) - 10-19-2009, 06:02 AM

Quote:
Originally Posted by JWait
My bad. I read 4.3 was due to be released in August and didn't realize that was the beta version and it was 2009 and not 2010. V4.3 is (according to what I have read here in the forum) supposed to be the first version that has the PCI-DSS / PA-DSS compliant payment module, with a patch for earlier versions coming later (how much later I don't know). The module (from what I understand) will be encrypted, so it can not be "hacked" to get it to work in any way other than how it is designed to work. I understand, and agree that this is probably the best way to go. I just hope there is some alternative for those of us that do not plan on using x-cart to complete that transaction, but only to get the authorization on the card and do the capture of the funds elsewhere.

From my understanding, 4.3v is supposed to be ready next month, and then a month or two later, in January, the PA-DSS payment module will be ready, according to their road map and what they've said in this thread.
http://www.x-cart.com/roadmap.html

So my concern right now is since I have version 4.2.3 now, I wonder how the upgrade process works with xcart? Will xcart have an upgrade that will change the files and database easily, or will we have to manually change all sorts of files to get xcart PA-DSS payment module to work?

They say this, "4. The payment module will be implemented in such a way that allows its use with X-Cart 4.1.x and 4.2.x (with moderate customization of X-Cart source code)."

But what does that mean? Does that mean I first have to do manual customizations of the site code to upgrade to v4.3? Will they have an "updater" script that updates 4.2 to 4.3? Will this include the PA-DSS module? Or do we first get the payment module and have to hack around our sites to get it to work with v4.2? I don't understand, doesn't xcart just have release update scripts to update your cart? It sounds like they don't have a formal update procedure?

PS: Does anybody know how to make it so I can manually change the order status from the greyed out "pre-authorized" to "completed"?
#47 - JWait (X-Man) - 10-19-2009, 06:35 AM

Quote:
Originally Posted by nuvo
They say this, "4. The payment module will be implemented in such a way that allows its use with X-Cart 4.1.x and 4.2.x (with moderate customization of X-Cart source code)."

But what does that mean? Does that mean I first have to do manual customizations of the site code to upgrade to v4.3? Will they have an "updater" script that updates 4.2 to 4.3? Will this include the PA-DSS module? Or do we first get the payment module and have to hack around our sites to get it to work with v4.2? I don't understand, doesn't xcart just have release update scripts to update your cart? It sounds like they don't have a formal update procedure?

PS: Does anybody know how to make it so I can manually change the order status from the greyed out "pre-authorized" to "completed"?

A lot will depend on how much your earlier version has been modified. Usually, when x-cart says "moderate customization of X-Cart source code" it means just that, not easy, but not impossible either. Probably more than a few files will need to be replaced. If the original versions were modified, then it makes it more difficult.

For this very reason, when working with v4.2.x I have shied away from mods that alter the php files and only changed .tpls for the "look" I want.
#48 - Steel (eXpert) - 10-30-2009, 06:29 AM

The more I study the issue of PCI compliance, the more complex it appears to be.

Just when I think I have found the easiest way to achieve compliance (exemption, for example), I realize that other processes we perform would not allow the exemption.

As others have pointed out, this is going to be a major issue for X-Cart merchants with older versions, and for all merchants in the near future. (I am under the impression that it may not be practical to bring an earlier version (V3.x for example) into compliance, in which case it should be posted, or at least provide a road map of the steps necessary to achieve compliance).

It seems that it would be of benefit for X-Cart to discuss/provide/suggest modifications/implementations that would allow users of all versions of X-Cart a road-map for achieving compliance, not just providing a payment module with instructions, but also outlining the other issues that need to be addressed in order for a merchant to become compliant. I realize that some of this might turn away potential new customers for X-Cart and custom developers, but ultimately, the shopping cart developer that provides the easiest solution for merchants to achieve total PCI compliance will gain market share.

This is such an urgent/important issue that perhaps a new thread should be opened to discuss/provide/suggest modifications/implementations necessary to achieve compliance.

Step #1
https://www.pcisecuritystandards.org/pdfs/pci_dss_saq_instr_guide.pdf
__________________
X-Cart Gold v4.6.6
#49 - nuvo (Member) - 11-16-2009, 07:55 AM

Looks like v4.3 is out, but I see no mention of PCI compliance payment module, so I'm guessing it's still not ready.


Does anybody know if v4.3 to v5 will require any database or SEF URL changes?
#50 - xplorer (X-Cart team) - 11-16-2009, 11:28 AM

The PCI compliance payment module will be released with X-Payments.

Right now X-Payments (and the X-Cart integration module) are almost ready for testing:
http://forum.x-cart.com/showthread.php?t=50495

Quote:
Originally Posted by nuvo
Does anybody know if v4.3 to v5 will require any database or SEF URL changes?

Could you please clarify what changes you mean? Will they support SEF URLs? Yes, it is already supported in X-Cart 4.2.