-1

So I need to recommend an eCommerce platform to my client. The requirement is that they need to ship items all over Europe and North America. So it needs to be multi-currency, multi-language. Also there is a subscription model, so the credit card needs to be stored and periodically charged. Further, they need it to integrate with QuickBooks, which is their accounting software. Also the software will have web, iOS and Android versions.

So for the storing credit card part, I do not want to store it within our infrastructure because of PCI DSS issues. Instead I would prefer having something like PayPal vault. However, I cannot use PayPal because their mobile SDK does not support recurring payments/subscription model.

With PayPal ruled out, I have been looking at X-Cart for the shopping interface and a couple of other payment companies (akin to authorize.net) for the payment integration. However, I am getting confused with X-Cart. It talks a lot about PCI compliance and stuff, so I am wondering whether it is a full package, not just a shopping cart? I read tons of documentation but I still cannot wrap my head around it.

My Questions:

  • If I use X-Cart, do I need any additional payment integration system like PayPal?

  • Since X-Cart is downloadable software, what PCI implications does hosting it on our own server have?

  • How will I handle iOS and Android versions, does X-Cart do anything for those platforms?

I was surprised to see X-Cart was a SO tag. So I decided to reach out to anyone with prior X-Cart experience to help me get some directions.

Thank you!

Undefined Variable

1 Answer

1

All the latest versions of X-Cart do not touch credit card information at any point. So it is out of PCI-DSS scope and can be hosted on any server you like as long as it meets the system requirements.

And to process credit cards you can use any of the integrated payment gateways. X-Cart does not charge any transaction fees so the only fees you will be paying will be to the gateway itself. And if the gateway you would like to use is not integrated yet, you can add it yourself since the platform is fully open code.

As for subscriptions, X-Cart offers a stand-alone PA-DSS certified X-Payments software that utilizes tokenization technology supported by certain payment methods (including PayPal Pro) to "save" credit card information for further use in a PCI-compliant manner. The actual credit card number is saved by the payment gateway itself, and X-Payments uses the token to perform additional charges. The token cannot be used with any other gateway or X-Payments installation, so even if it gets stolen there won't be any harm. You can read more about it in this blog post.

And dedicated iOS/Android applications can be added with the Shopgate service that is integrated with X-Cart.
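
A simplified model of the tokenization arrangement described in the answer above, added here as an illustration; it is not X-Payments or any gateway's code. `GatewayVault`, `sign`, the installation ids and the HMAC request signing are assumptions made for the sketch, and the card number is a constructed test value.

```python
import hashlib
import hmac
import secrets

def sign(key, token, amount_cents):
    """Assumed merchant authentication: HMAC over the charge request."""
    msg = f"{token}|{amount_cents}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class GatewayVault:
    """Hypothetical stand-in for the payment gateway's card vault."""
    def __init__(self):
        self._cards = {}     # token -> (PAN, owning installation); held only by the gateway
        self._api_keys = {}  # installation id -> API secret

    def register_installation(self, installation_id):
        self._api_keys[installation_id] = secrets.token_bytes(32)
        return self._api_keys[installation_id]

    def tokenize(self, installation_id, pan):
        # In a real deployment the card goes from the customer straight to the
        # gateway; the merchant only ever receives the returned token.
        token = secrets.token_urlsafe(24)  # random, derives nothing from the PAN
        self._cards[token] = (pan, installation_id)
        return token

    def charge(self, installation_id, token, amount_cents, signature):
        key = self._api_keys.get(installation_id)
        if key is None:
            return "rejected: unknown installation"
        if not hmac.compare_digest(sign(key, token, amount_cents), signature):
            return "rejected: bad signature"
        record = self._cards.get(token)
        # The token is only honoured for the installation it was issued to.
        if record is None or record[1] != installation_id:
            return "rejected: token not valid for this installation"
        return f"approved: {amount_cents} cents on card ending {record[0][-4:]}"

def demo():
    gw = GatewayVault()
    shop_key = gw.register_installation("shop-A")
    other_key = gw.register_installation("shop-B")
    token = gw.tokenize("shop-A", "4111111111111111")  # constructed test PAN
    shop_db = {"customer-42": token}  # everything the merchant stores for billing
    renewal = gw.charge("shop-A", shop_db["customer-42"], 1999,
                        sign(shop_key, token, 1999))
    # Same token presented by a different, validly authenticated installation.
    replay = gw.charge("shop-B", token, 1999, sign(other_key, token, 1999))
    return shop_db, renewal, replay

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The merchant database holds only the token, which is what keeps the card number out of the shop's own systems, and the second charge attempt shows why a token copied out of that database is of no use to another installation.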