I would like to integrate CS Cart directly with WorldPay. They say the Cart needs to support Direct XML submission. Does anyone know if it does? It appears that it did up to version 3. They also need proof of PCI DSS compliance.
Dear Gus,
Thank you for your message.
First of all, let me say that CS-Cart is integrated with more than 70 payment systems by default including WorldPay, and a number of direct payment gateways (such as Ogone Direct and Sage Pay Direct, for example). To familiarize yourself with the complete list of integrated payment systems, please refer to the following page of our website:
[url=“Marketplace features in CS-Cart Multi-Vendor”]https://www.cs-cart.com/payment-systems.html[/url]
You will need to sign up an account in one or more payment systems from the list above and then enter your account details in CS-Cart admin panel. CS-Cart will use this data to accept credit card payments from your customers online.
Please refer to the following section in our Knowledge Base to learn how some payment systems should be set up in CS-Cart:
[url=“CS-Cart Documentation — CS-Cart 4.15.x documentation”]CS-Cart Documentation — CS-Cart 4.15.x documentation
Secondly, please note that CS-Cart is designed to meet the latest security requirements. One of such requirements is PCI compliance:
[url=“Product :: Feature Tour :: PCI Compliance”]https://www.cs-cart.com/pci-compliance.html[/url]
PCI is a set of strict security standards relating to storage, processing or transaction of credit card data, developed by the leading payment brands, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Compliance with PCI Data Security Standard is highly recommended for all online stores.
However, some payment gateways (such as PayPal, for example) may require a PCI DSS certification. As for CS-Cart being PCI DSS compliant, we cannot provide such certification, since it is very expensive and lasts only several months. Moreover, we will need to certify the program again each time a new version is released and new CS-Cart version is released approximately once in about three months. So we do not certify the program according to PCI DSS, though CS-Cart meets all the necessary requirements.
I hope this helps.
Feel free to ask further questions if any.
I will be glad to help.
Hi Denis,
I am familar with all the list of gateways and currently use Worldpay. However they will not allow payments directly on CS Cart because it is not PCI compliant. My question is what gateways will allow there service to be accessed directly from the cart rather being diverted to their website. Thanks for your help.
Regards
GusM
Gus, it is your site that needs to be PCI complicate. The software needs to be DSS compliant. But cs-cart will not certify because it is only valid for the specific release. And if you ever modified the code or added an add-on, your certification would be void.
It is not a simple topic but cs-cart is in fact DSS compliant, however they are not certified as such. I believe if you get PCI compliance for your server and site that worldpay will be satisfied. If your not storing any cc info on your site then by definition you are PCI compliant.
OK thanks for your reply. i will look into it further and post anything I find back here. Is there any payment gateway that allow payments on cs cart without diverting to there site?
Sure, there are tons… If you're in the US, the oldest is Authorize.net. Technically if you capture a credit card number during checkout you are in fact storing the CC number on your server (it's held in the session which is backed-up to disk). But it is transient and once the payment processor has responded with success/fail, the number is usually munged to only show the last-4.
Please ensure that you have the remove CC number checkoboxes checked on the Open and Processed statuses.