Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls

PCI Compliance
 
Reply
   X-Cart forums > Considering X-Cart > Considering using X-Cart for my project
 
Thread Tools Search this Thread
  #1  
Old 06-19-2010, 12:49 PM
 
budneyc budneyc is offline
 

Newbie
  
Join Date: Jun 2010
Posts: 8
 

Default PCI Compliance

I would really like to switch to X-Cart, but am confused as to how PCI compliance (& meeting Visa rules) will work with X-Cart. I have read through many threads on this forum, but am still not sure on a few things.

- We need a seamless solution. (we need the customer to input their CCard into X-cart). The customer shouldn't know they are being transferred to another site. The site must look the same and the URL not change.

- We are in Canada, so we are limited in the Gateways we can use

- We don't need to store credit card numbers.

I would really appreciate if someone could answer these questions for me.(please help!)

1) Is X-payments nescessary? We will not be storing CCards, but will be "transmitting" them to our gateway.

2) Does the URL change with X-payments? I read somewhere that a site called www.mysite.com will become something like https://secure.mysite.com during checkout.

3) If the URL changes (like in my question 2), can you choose what you name the subdomain? (I named it secure above)

4) I read X-payments will be integrated in Version 4.4. If so, will my it change how the URL looks? (my question 2 & 3 above).

5) If the URL changes during checkout, will I require 2 certificates or a new certificate?

I would really appreciate help with the above.
__________________
Currently Evaluating X-Cart to purchase
Reply With Quote
  #2  
Old 06-19-2010, 12:56 PM
  cflsystems's Avatar 
cflsystems cflsystems is offline
 

Veteran
  
Join Date: Apr 2007
Posts: 13,427
 

Default Re: PCI Compliance

Not an expert but what I can tell you is that if you want to process the payment on your site then you do need xpayments. As for the url I believe you can install xpayments in a subdirectory and then the url will look as part of the site and in that case no additional SSL will be required.
site url - www.domain.com
will become www.domain.com/payment if you install xpayments in a subdirectoy "payment" for example
__________________
Steve Stoyanov
CFLSystems.com
Web Development
Reply With Quote

The following user thanks cflsystems for this useful post:
ambal (06-21-2010)
  #3  
Old 06-19-2010, 02:39 PM
 
budneyc budneyc is offline
 

Newbie
  
Join Date: Jun 2010
Posts: 8
 

Default Re: PCI Compliance

Thanks for your help Steve,

If it is a subfolder like https://www.mydomain.com/payment, I think it would look better than a subdomain like https:payment.mydomain.com .

Many customers have been told to make sure the domain name doesn't change before they enter credit card numbers. I realize a subdomain is perfectly safe, but would rather see it in a folder like your example: https://www.mydomain.com/payment

Have you (or anyone else) installed X-payments and know for sure which it will look like?
__________________
Currently Evaluating X-Cart to purchase
Reply With Quote
  #4  
Old 06-19-2010, 02:46 PM
 
budneyc budneyc is offline
 

Newbie
  
Join Date: Jun 2010
Posts: 8
 

Default Re: PCI Compliance

Also, how many screens does the customer have to go through for check-out? I've heard it may be a little messed up with X-payments.

Is there a 1 page check-out mod that can be used with X-payments?

Does X-cart or anyone else have a test sight set-up with X-payments installed?
__________________
Currently Evaluating X-Cart to purchase
Reply With Quote
  #5  
Old 06-20-2010, 05:58 PM
 
gotpump gotpump is offline
 

eXpert
  
Join Date: Aug 2008
Posts: 272
 

Default Re: PCI Compliance

Is there anyone here who has x-payments installed so that we may see what it's going to look like? Why doesn't x-cart provide a site where we can see this mod working the way it's intended to or is there?
__________________
X-Cart DB Version: 5
Reply With Quote
  #6  
Old 06-21-2010, 03:08 AM
  cflsystems's Avatar 
cflsystems cflsystems is offline
 

Veteran
  
Join Date: Apr 2007
Posts: 13,427
 

Default Re: PCI Compliance

I don't think there is any. But you can install it on your cart or dev site. X-Payments will not mess up your existing cart, it is a completely separate application. Then you need to install x-connector to be able to connect to x-payments form your cart. And you can modify the payment methods showing in checkout with a simple "if statement" to show x-payments to only one user - you, so you can test
__________________
Steve Stoyanov
CFLSystems.com
Web Development
Reply With Quote
  #7  
Old 06-21-2010, 04:29 AM
  ambal's Avatar 
ambal ambal is offline
 

X-Cart team
  
Join Date: Sep 2002
Posts: 4,099
 

Default Re: PCI Compliance

Hi Budneyc,

Thank you for taking interest in our software and welcome aboard.

X-Payments is the application you'll need if you want your customers to enter credit card details on your web-site.

X-Payments is a separate application that can be used either on a subdomain or in a sub-folder. In case of a sub-domain you'll need to have to have it secured separately unless you are going to use a Wildcard SSL cert.

X-Payments integrated with X-Cart v4.3 or newer using special X-PaymentsConnector module (included in X-Payments license).

X-Payments can look similar to style of your X-Cart based web-site and thus do not create interruption in your checkout.

X-Cart v4.4 is going to have one-page checkout (see http://forum.x-cart.com/showthread.php?t=53309), however, in case of X-Payments-powered checkout a customer will have to enter credit card details on a separate form provided by X-Payments (I explained reasons at http://forum.x-cart.com/showthread.php?p=289958#post28995.


@gotpump, you should be able to download X-Payments beta version in "File Area" section of your HelpDesk account to see how it works. We will setup an online demo once X-Payment gets certified by QSA (expecting this very shortly) and once we start selling it.


Everyone is welcome to contact us with any questions any time!

Alex
__________________
Sincerely yours,
Alex Mulin
VP of business development for X-Cart
X-Payments project manager
Reply With Quote
  #8  
Old 06-21-2010, 06:45 AM
 
gotpump gotpump is offline
 

eXpert
  
Join Date: Aug 2008
Posts: 272
 

Default Re: PCI Compliance

Thanks Alex!
__________________
X-Cart DB Version: 5
Reply With Quote
  #9  
Old 06-21-2010, 08:25 AM
  Vacman's Avatar 
Vacman Vacman is offline
 

X-Adept
  
Join Date: Sep 2005
Location: Torrance, CA
Posts: 792
 

Default Re: PCI Compliance

Quote:
Originally Posted by ambal
Hi Budneyc,
.....We will setup an online demo once X-Payment gets certified by QSA (expecting this very shortly) and once we start selling it.

Alex

Selling it? I thought this was going to be provided for free?
__________________
Carl Tice

X-Cart 4.6.6
X-Payments 3.0
ReBOOT 3.4.1

PHP 5.6.30
MySQL 5.6.35
Linux 2.6.32-042stab120.18
ionCube PHP Loader v4.7.3
Perl 5.10.1
Reply With Quote
  #10  
Old 06-21-2010, 10:22 AM
 
budneyc budneyc is offline
 

Newbie
  
Join Date: Jun 2010
Posts: 8
 

Default Re: PCI Compliance

Thanks everyone.

Ambal - Will the complete 4.4 cart be PCI certified? If just the payment module is certified in 4.4, wouldn't it be atleast a 2 page checkout?
__________________
Currently Evaluating X-Cart to purchase
Reply With Quote
Reply
   X-Cart forums > Considering X-Cart > Considering using X-Cart for my project


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 01:03 AM.

   

 
X-Cart forums © 2001-2018