PCI Compliance
 
#11
06-21-2010, 11:29 AM
gb2world
X-Wizard
Join Date: May 2006
Location: Austin, TX
Posts: 1,970

Re: PCI Compliance

In addition - don't overlook the other important factor - X-Payments requires PHP version 5.3.0 and above. See this thread for more information.
__________________
X-CART (4.1.9,12/4.2.2-3/4.3.1-2/4.4.1-5)-Gold
(CDSEO, Altered-Cart On Sale, BCSE Preorder Backorder, QuickOrder, X-Payments, BCSE DPM Module)

#12
06-21-2010, 12:08 PM
matt2005
Advanced Member
Join Date: Dec 2004
Location: Michigan
Posts: 58

Re: PCI Compliance

Quote:
Originally Posted by ambal
> Hi Budneyc,
>
> Thank you for taking interest in our software and welcome aboard.
>
> X-Payments is the application you'll need if you want your customers to enter credit card details on your web-site.
>
> X-Payments is a separate application that can be used either on a subdomain or in a sub-folder. In case of a sub-domain you'll need to have it secured separately unless you are going to use a Wildcard SSL cert.
>
> X-Payments is integrated with X-Cart v4.3 or newer using the special X-PaymentsConnector module (included in X-Payments license).
>
> X-Payments can look similar to the style of your X-Cart based web-site and thus does not create an interruption in your checkout.
>
> X-Cart v4.4 is going to have one-page checkout (see http://forum.x-cart.com/showthread.php?t=53309), however, in case of X-Payments-powered checkout a customer will have to enter credit card details on a separate form provided by X-Payments (I explained reasons at http://forum.x-cart.com/showthread.php?p=289958#post28995).
>
> @gotpump, you should be able to download X-Payments beta version in "File Area" section of your HelpDesk account to see how it works. We will set up an online demo once X-Payment gets certified by QSA (expecting this very shortly) and once we start selling it.
>
> Everyone is welcome to contact us with any questions any time!
>
> Alex

What is the point of this extra module if you are using google checkout or paypal payments pro where the customer card is sent encrypted to paypal?

I am curious as to if anyone will get a violation notice for not using x-payments if you have paypal payments pro installed.. As far as I know paypal doesn't care about it.. Do other gateways?!

Who does the compliance check?

Just put your store on a PCI compliant server and don't store credit cards!

-Matt
__________________
XC4.1.12

#13
06-21-2010, 12:56 PM
budneyc
Newbie
Join Date: Jun 2010
Posts: 8

Re: PCI Compliance

Hi Matt,

This is all new to me, but I think because you are transmitting the credit card numbers, the module or shopping cart must be PCI compliant, even if you are not storing them. This is a rule by the credit card companies and not the gateways. The gateways may let it slide for now, but they may make it a rule at any time.

Even if the gateway lets it slide for now, you are breaking the credit card companies' rules and will be more liable if you get hacked.

That is how I understand it, but again I am not an expert.

I am interested in what Alex (Ambal) will have to say about 4.4 with the one page checkout. I can't see how it will be a one page checkout, unless the complete software is deemed compliant.
__________________
Currently Evaluating X-Cart to purchase

#14
06-22-2010, 01:50 AM
ambal
X-Cart team
Join Date: Sep 2002
Posts: 4,102

Re: PCI Compliance

> Will the complete 4.4 cart be PCI certified?

No, we are not going to certify X-Cart.

X-Payments is the tool to make your cart PCI-DSS compatible. Reason why we do not make X-Cart a PCI-DSS certified solution - we'll have to re-certify every new X-Cart version, minor and major, and pay OMFG fee every time. If we chose to certify X-Cart instead of X-Payments our costs for merchants would increase significantly. See this thread as well.

X-Payments is the solution you should use if your customers enter credit card on **your** web-site and it doesn't matter whether or not vital details are passed encrypted to a payment gateway.

If your cart redirects visitors to your payment gateway secure form for entering credit card details and visitors **do not** enter credit card details on your web-site pages - you can breathe out, take a can of beer (or two) as you do not have to make your web-site PCI-DSS compatible.

X-Payments is a commercial product and it is going to be sold for a license fee of USD $389.00. Our existing (before June 2010) X-Cart customers received one X-Payment license free of charge as we promised. Please notice that one X-Payment license allows connecting up to 10 online stores (X-Cart or any other that will integrate with X-Payments API).

X-Payments beta5 announced at http://forum.x-cart.com/showthread.php?t=53981 can be considered as a production version of X-Payments. We are waiting for the final confirmation by our QSA and once we have this confirmation we'll rename beta5 into v1.0 and start selling it.


> If just the payment module is certified in 4.4, wouldn't it be at least a 2 page checkout?

If your customers are to enter credit card details on your web-site there will be 2 steps in "one step checkout" mode - we had to move entering credit card details on a separate form inside X-Payments (see reason at http://forum.x-cart.com/showthread.php?p=289958#post289958, there are some screen shots above that post as well).
__________________
Sincerely yours,
Alex Mulin
VP of business development for X-Cart
X-Payments project manager

Last edited by ambal : 06-22-2010 at 01:56 AM.

#15
06-22-2010, 07:28 AM
Vacman
X-Adept
Join Date: Sep 2005
Location: Torrance, CA
Posts: 792

Re: PCI Compliance

Looks like I am going to have to spend money anyways.... Just got this message from my ISP:
==============================================
At the current time, the supported version is PHP 5.2.13, which you have already found to be installed on the servers.
HostGator currently has no plans or any ETA for commitment of PHP 5.3.x+ support on the shared servers.
==============================================

Sigh.... it never ends... lol
__________________
Carl Tice

X-Cart 4.6.6
X-Payments 3.0
ReBOOT 3.4.1

PHP 5.6.30
MySQL 5.6.35
Linux 2.6.32-042stab120.18
ionCube PHP Loader v4.7.3
Perl 5.10.1

#16
06-22-2010, 07:29 AM
gravel
Senior Member
Join Date: Mar 2004
Posts: 156

Re: PCI Compliance

Alex,

In X-Payments, "VirtualMerchantMPF" is listed. Is this Elavon Virtual Merchant? If so, what does the "MPF" refer to?

Thanks,
Dan
__________________
X-Cart version 4.0.17
X-Cart version 4.0.18
Web servers = Apache
OS = Linux

#17
06-22-2010, 09:43 AM
gravel
Senior Member
Join Date: Mar 2004
Posts: 156

Re: PCI Compliance

Got an answer from Qualiteam:

"MPF means Merchant Provided Form, and yes, it is Elavon Virtual Merchant. X-Payments can work with Elavon Virtual Merchant."

X-Cart Elavon Virtual Merchant is supported starting from version 4.2.0; earlier X-Cart versions will need a custom integration.
__________________
X-Cart version 4.0.17
X-Cart version 4.0.18
Web servers = Apache
OS = Linux

The following user thanks gravel for this useful post:
ambal (06-23-2010)

#18
06-22-2010, 04:53 PM
purelife
Newbie
Join Date: Jun 2010
Posts: 8

Re: PCI Compliance

Quote:
Originally Posted by ambal
> X-Payments is a commercial product and it is going to be sold for a license fee of USD $389.00. Our existing (before June 2010) X-Cart customers received one X-Payment license free of charge as we promised. Please notice that one X-Payment license allows connecting up to 10 online stores (X-Cart or any other that will integrate with X-Payments API).

So new customers of this cart won't get this X-payments?
__________________
X-Cart v4.3.2

#19
06-23-2010, 03:07 AM
ambal
X-Cart team
Join Date: Sep 2002
Posts: 4,102

Re: PCI Compliance

> So new customers of this cart won't get this X-payments?

Actually, yes, new customers have to buy X-Payments. We promised our existing customers to give them a free X-Payment license and we did so.

However, we are a commercial organization and we pay for almost everything so we need to earn $$ somehow to maintain X-Cart, X-Payments and many other things. I hope you understand.
__________________
Sincerely yours,
Alex Mulin
VP of business development for X-Cart
X-Payments project manager

#20
06-24-2010, 06:41 AM
FinsReef
Member
Join Date: Jun 2010
Posts: 10

Re: PCI Compliance

When was the cutoff for free x-payments?
__________________
Version 4.3.2