PCI Compliance

July 1st, 2010

As of July 1, 2010 you cannot accept credit cards through a shopping cart that is not PCI compliant.

Dear client,

Recently, we received many questions regarding new PCI compliance requirements and how they are related to X‐Cart. There is a lot of confusion around that so we collected the information below for your review. We will be updating this article with more information as we receive it.

As of July 1, 2010 you cannot accept credit cards through a shopping cart that is not PCI compliant. The truth is, most shopping cart solutions available today are not PCI compliant and many are not even considering becoming compliant. As of right now, the X-Cart shopping cart is not compliant, so this applies to all the merchants using this software.

Most merchant account providers are not going to shut you down on June 1 if you aren’t compliant, but you’ll need to address this as soon as possible. Below are three payment processing scenarios and options to comply:

Scenario 1
A customer adds items to their cart on your site. After they click “checkout” they are redirected outside of your site to an off-site payment processor, like Google Checkout or PayPal Standard.
Below is the list of several popular off-site payment methods:

  • PayPal Standard and Express Checkout (http://www.PayPal.com)
  • Google Checkout (http://checkout.google.com)
  • PayFlow Link (http://www.PayPal.com)
  • 2Checkout (http://2Checkout.com)
  • Authorize.net SIM (not AIM) (http://www.authorize.net)
  • CyberSource Hosted Order Page (http://www.CyberSource.com/)

At no point does a customer enter in credit card information while on your website. In this scenario you would need to pass SAQ “A”:

https://www.pcisecuritystandards.org/saq/docs/aoc_saq_a.doc

If your site ever passes, stores, or transmits credit card data then you are not in this category and should read the next section.

Scenario 2
A customer adds items to their cart on your site. When they click “checkout” they remain on your site and fill in their personal information, including their credit card information. When the customer clicks submit, the credit card information is sent to a payment processor (like Authorize.net), which returns a unique token ID for you to reference. At no point do you ever store the credit card number (encrypted or not) or the CVV2 value. By “at no point” I mean never: not for a millisecond, not for 10 minutes until you can process it manually. Never. You may store a masked PAN (4xxxxxxxxxxxxxxx1111). Examples of popular payment gateways that are affected by the new standards are:

  • PayPal Website Payments Pro
  • Authorize.net AIM
  • CyberSource (SOAP Toolkit API)
  • PayPal PayFlow Pro

In this scenario you would need to pass SAQ “C”:

https://www.pcisecuritystandards.org/saq/docs/aoc_saq_c.doc
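
One way to check the no-storage rule in Scenario 2, as an added example that is not part of the original article or of X-Cart: a Python scan of stored order rows for Luhn-valid card numbers that reports only the masked form. The field names, token values and sample rows are constructed for illustration, the card numbers are public test numbers, and the mask follows the article's style of first digit plus last four.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by single
# spaces or dashes. Limitation: digits that directly follow a card number
# (separated only by a space or dash) are absorbed into the candidate.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """Mask a card number, keeping only the first digit and the last four."""
    digits = re.sub(r"\D", "", pan)
    return digits[0] + "x" * (len(digits) - 5) + digits[-4:]


def find_stored_pans(rows):
    """Return (orderid, field, masked PAN) for every full card number found.

    The Luhn check filters out long numbers that are not card numbers,
    such as tracking codes. Findings never contain the full number.
    """
    findings = []
    for row in rows:
        for field, value in row.items():
            for match in PAN_CANDIDATE.finditer(str(value)):
                digits = re.sub(r"\D", "", match.group())
                if luhn_ok(digits):
                    findings.append((row["orderid"], field, mask_pan(digits)))
    return findings


# Constructed sample rows (hypothetical column names, not X-Cart's schema).
SAMPLE_ORDERS = [
    {   # Compliant: token and masked PAN only; tracking number fails Luhn.
        "orderid": 1001,
        "payment_token": "tok_constructed_01",
        "card_display": "4xxxxxxxxxxx1111",
        "details": "Tracking 1234567890123456",
    },
    {   # Violation: full card number typed into a free-text field.
        "orderid": 1002,
        "payment_token": "",
        "card_display": "",
        "details": "Phone order, card 4111111111111111 exp 07/12",
    },
    {   # Violation: dashed card number left in customer notes.
        "orderid": 1003,
        "payment_token": "tok_constructed_03",
        "card_display": "4xxxxxxxxxxx1111",
        "customer_notes": "backup card 5500-0000-0000-0004",
    },
]

if __name__ == "__main__":
    for orderid, field, masked in find_stored_pans(SAMPLE_ORDERS):
        print(f"order {orderid}: full card number in '{field}' ({masked})")
```
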

Solution:
If you want to continue to accept credit cards in your store so that you can control the design of the payment page, you need to install a module called X-Payments, which is a new interface where customers enter their credit card details. This add-on is PCI certified, and by using it you can pass certification. There are some disadvantages to using this add-on:

  • Installation and configuration are not easy
  • Adds an extra step to your checkout, because the credit card data page is not inside X-Cart
  • It has to be on a server separate from the server with X-Cart installed, because a PCI-certified application cannot be on the same server as a non-PCI application (X-Cart, WordPress, etc.)
  • As of June 2010 the ‘final’ version of X-Payments had not been released yet. You can download the ‘beta’ version, but you will have to upgrade it to the final version after release.
  • X-Payments can only run on PHP 5.3, which is not supported by many control panels yet.
  • In order to use X-Payments, you also need a module called X-Connector. Unfortunately, X-Connector is only available for X-cart version 4.3. Qualiteam said they will release X-Connector for older versions, but there is no release date yet.
  • After you get X-Payments installed, you have to configure it, adjust the template to match your design, and test it.

Scenario 3
A customer adds items to their cart on your site. After they click “checkout” they remain on your site and fill in their personal information, including their credit card information. When the customer clicks submit, the system encrypts the credit card number and saves it in the database. You may keep it for 5 minutes until someone can manually try to process it in the cart, or you may pass the encrypted card data to a system at your office to be processed. Either way, simply by inserting it into a database you instantly fall under SAQ “D”, which is the most complicated certification:

https://www.pcisecuritystandards.org/saq/docs/aoc_saq_d_merchants.doc

Solution:
The only solution is to use X-Payments as described in Scenario 2.

Conclusion
The easiest and fastest way to become fully PCI compliant is to switch to an off-site payment method as described in Scenario 1.
If you want to keep using your payment processor and have greater control over the design of the payment page, you may consider X-Payments.

There are 2 ways to do this:

  • Get a separate dedicated server for payment processing – this server has to be PCI compliant, be protected by a firewall and located at a quality secured PCI certified data center – this will cost at least $400+/mo
  • Use our shared X-Payment server – we prepared a separate set of servers which do not have any other non-PCI applications installed and run Linux/PHP5.3 compatible with X-Payments. At this time, we offer this service at no monthly or per-transaction charges for our hosted clients but there is a setup fee to have everything installed and configured for your store and annual SSL certificate fee ($30/year). Your X-Payment page will be located on your sub-domain like https://payments.yourstoredomain.com so your customers will not feel like leaving your store.

Note: if you want to become PCI certified (and you do not have much choice), you cannot use a popular “One page checkout” add-on “as is” any longer. BCSE Engineering is working on a custom solution to use it with iframes. If you are interested, please contact http://www.bcsengineering.com for more information.

There is an option to ignore all this PCI mumbo-jumbo and continue your business as before. If you do this, you risk losing your merchant account, which means you would no longer be able to process credit card orders in your online store, and paying heavy fines for non-compliance ($50,000-$200,000).

Note: PCI compliance is your responsibility as a merchant, and we will assist you in this matter as much as possible.

Now even more graphic (PhotoShop) prototypes

February 19th, 2010

We’ve recently updated our collection of design prototypes.
There are now 15,000+ professionally designed shopping cart graphic prototypes.

Search the graphic template database and buy a PhotoShop source artwork.

Happy New Year Cute and Sexy animated card ;-)

December 31st, 2009

Happy New Year!

Merry Christmas cute and funny animated card!

December 25th, 2009


X-Cart v4.3 is released

November 11th, 2009

Qualiteam Software announces release of X-Cart v4.3.0

There are multiple interesting features, including an improved back end interface that makes it much easier to manage your store. The front end has been improved by adding AJAX-based ADD TO CART functionality.

Here is the list of most significant changes in this version:

  • AJAX minicart and product ratings
  • built-in modules: X-AOM, X-RMA and Flyout Menus
  • collapsible categories menu
  • custom title tags
  • more logical backend menu
  • quick order/product/user search
  • history of order statuses
  • gift wrap option
  • integration with Carrier-calculated Shipping API for Google Checkout

This version of X-Cart still uses the Smarty template system, and the end code is still a bit messy.

As always, we do not recommend using it until it is stable.

X-Cart WordPress integration mod (Free)

March 30th, 2009

We have recently developed and released an X-Cart mod that allows you to install a WordPress RSS feed into the X-Cart front end.

What this means is that X-Cart owners can now have their (or anyone else's) recent WordPress posts propagate onto the X-Cart front page by tapping into a WordPress RSS feed (sample feed).

This can potentially improve search engine positions and the frequency with which search engine robots crawl the site.

X-Cart WordPress mod can be downloaded free at CartTemplates x-cart template store.

XCart Customization and XCart Design services launched

October 1st, 2008

We’ve just released a brand new site devoted to XCart Customizations and XCart Design services. The service is based upon a whopping collection of 10,000+ pre-designed eCommerce templates, which are essentially just pictures (screenshots) of shopping cart websites.

When the budget is tight and you don’t want to spend thousands of dollars on a unique look and feel for your store, you can just choose the one that suits your industry and taste (over 10,000 professionally designed sites available) and we will place your logo there and turn it into a working x-cart for you. This will ultimately save you the big bucks spent on a graphic artist.

However, if you need a unique design, you can order a custom design from us as well.

Also, we are the first company that does X-Cart and Flash Animation integration. Imagine beautiful slide show animation displaying your featured products, or have a user friendly “wizard” that helps your visitors to narrow down the products from your X-Cart based on their preferences. Or if you really want to go BIG with Flash, we can design a whole store using Flash (although we don’t recommend it for search engine optimization reasons). Now this all can be done!

For XCart templates visit www.carttemplates.com

XCart SEO: Comparing SEO/Search Engine Friendly URL mods for XCart

June 24th, 2008

Search Engine Optimization is a crucial component of any online business and is particularly important in the world of e-commerce where competition is often fierce. Since the beginning of x-cart, xcart owners had to rely on HTML catalog, custom hacks, and/or third party modules to SEO optimize their sites. We’ve decided to review commercially available x-cart modules geared towards improving your xcart installation in the eyes of search engines. These modules are: CDSEO Pro from WebSiteCM, DSEFU from safetynetweb.com, and XCSEO Pro available for purchase at xcart forums.


Be sure to read this review until the very end as we’ve negotiated an incredible deal so you can get the most out of your xcart at the best price.

About the Mods

CDSEO Pro (Custom Dynamic Search Engine Optimization Pro for X-Cart) $199.99
Being the most expensive of the bunch, this mod is marketed by its developer as a complete SEO toolbox for your xcart. It replaces the XCart HTML Catalog and lets you define what the URL of each page will be. You do not have to manually regenerate the HTML catalog every time you make a change on your site, and it helps to avoid the duplicate content penalty from search engines, where your site can potentially have identical pages accessible via different URLs. This mod also allows you to define a custom title tag for each and every product, category, manufacturer and static page in your site, as well as define custom link anchors, meta keywords, and meta descriptions.
DSEFU Pro (Dynamic Search-Engine-Friendly URLs PRO) $49.95
Being the cheapest, this mod is a replacement for XCart’s HTML Catalog. It is made so that your store has only one version (live), eliminating the need for manual HTML Catalog regeneration every time there is a change in the product catalog. It will help to avoid the duplicate content penalty from search engines. This mod doesn’t have any additional built-in functionality.
XCSEO Pro at $120.00
Just like CDSEO Pro, this mod is a replacement for the standard HTML Catalog that allows you to define the resulting URLs in your store. It is marketed by its developer as the fastest of the bunch.

How we’ve tested

We’ve compared these modules using the following criteria: Price, Features, Ease of installation, Ease of use, and Performance. Then we’ve compared these modules against the standard x-cart features. We loaded up a development server, installed copies of x-cart, and purchased and installed the mods: DSEFU, XCSEO Pro, and CDSEO Pro, while leaving one installation untouched. We then compared the interfaces of each mod, how easy and intuitive it was to use the available features.

For performance testing, we’ve used the software AdventNet QEngine Application Load Testing Software to load test all three x-cart search engine optimization mods on a default x-cart store simulating 20 concurrent users. We did five tests on each installation and calculated the averages. In addition to performance testing, we benchmarked using x-cart’s internal benchmarking software by enabling it in top.inc.php.

Installation

Installation process of each of the modules required you to upload new files to the server and change some of the existing x-cart files.

To complete CDSEO Pro installation you need to launch the installation wizard, which will help you to configure product features. As the last steps you will have to manually modify 7 files, adding in total approximately 34 lines of code to your standard out-of-the-box xcart files. Additionally, we had to create new .htaccess and robots.txt files according to the instructions given by the installation wizard. The installation process took us about 10 minutes to complete.

Completing DSEFU Pro installation requires you to manually update 7 files with 63 lines of code. Being a simple HTML catalog replacement, it doesn’t have any configuration settings. It does require the ability to change file permissions to load your license. Lastly, we had to manually change paths in the .htaccess and robots.txt files as we’d installed to a subfolder. The total installation process took us about 10 minutes to complete.

XCSEO Pro was supposed to be simple, as it provides file patches to run via the admin area of xcart (note this does require the ability to change file permissions); however, when we attempted to apply the patch to our fresh out-of-the-box xcart (4.1.10) it failed. As a result we had to manually patch a file, which takes knowledge of .diff files. Like DSEFU, we then had to manually modify paths in .htaccess and robots.txt. Lastly, we ran the sql php file and updated the database. Install time for us was about 15 minutes.

For the technically savvy these installations didn’t take much time to complete and were relatively simple, however if you don’t have technical expertise we strongly recommend purchasing an optional installation together with the mod of your choice as making a simple mistake during installation process may render your xcart non-functional.

Ease of use and feature set

Each of these mods has a different approach to replacing the standard HTML catalog of x-cart. Feature sets differ greatly, from none with DSEFU to many SEO configuration options in CDSEO Pro, with XCSEO Pro being in the middle.

DSEFU provides search engine friendly urls automatically, based on the category/product/manufacturer/page name. This process is essentially a creation of the html catalog without the creation of secondary static pages and avoiding duplicate content penalty while presenting visitors with the relevant version of the page. The reliance of URLS on the product, category or page names means that if a product title, category name, or page changes the URL changes. This can cause search engine fits due to broken links.

The home.php values are not automatically filtered to the root directory to consolidate page rank and while some manual edits are provided to change the major links to home.php, they don’t go far enough to consolidate your page rank to root. Beyond automatic url writing, the module offers no additional options or SEO features.

XCSEO Pro goes beyond DSEFU, giving you custom control over your URLs, so that you can manually specify how URLs appear via your x-cart admin section. Module controls are logically placed in the appropriate areas of xcart admin. You can customize category URLs by navigating to “Categories Management”, page URLs via “Modify Product”, and static page URLs via the “Static Pages” interface. The custom nature of these URLs prevents broken links when items are renamed, and if you decide to change a page URL, the module will place instructions on the server so that visitors and search engines can find the new page automatically.

One thing we didn’t like about XCSEO Pro is that when you have a large number of products in one category spread across pages, the URLs of these secondary pages are not rewritten in an SEO friendly manner. A category with 10 pages of products, for example, will have an SEO friendly url of http://www.example.com/category.html but then secondary pages have dynamic urls of http://www.example.com/category.html?pageid=2, http://www.example.com/category.html?pageid=3, etc. As a result, secondary pages, and thus products existing on those secondary pages, are much less likely to be indexed well.

CDSEO Pro has the richest set of features. Like XCSEO Pro it extends x-cart search engine optimization by performing custom URL rewriting. It also provides the ability to modify the following key components of SEO: page titles, meta keywords, meta descriptions, and link anchor tags. Unlike XCSEO Pro controls, CDSEO Pro controls are placed in a separate interface, which is very intuitive and very easy to use. We like the import/export feature, which allows you to export settings and configuration into a CSV file (which you can then edit in Excel) and import it back into your xcart. This can be very timesaving for large stores.

URL rewriting options provide custom URLs entered via an admin section, and also allows folder structure and/or .html extensions, configurable on a category/product/manufacturer/static page level. It provides SEO friendly secondary pages regardless of your format. CDSEO Pro has options to automatically and safely redirect the default php pages and/or the html catalog pages, and allows you to input a custom home page title. Like XCSEO, when URLs are modified, 301 redirects are also automatically applied from the old URLs to the new.

Performance

We used AdventNet QEngine Application Load Testing Software to load test all three x-cart search engine optimization mods on a default x-cart store simulating 20 concurrent users.

Mean statistics under load testing

                                | Default X-Cart | DSEFU | XCSEO Pro | CDSEO Pro
*Mean Response Time (ms)        | 4508           | 5323  | 6314      | 5652
**Mean Page Download Time (ms)  | 5.6            | 5.8   | 24.2      | 6.6

*Response time is one of the most important characteristics of load testing. Response time reports and graphs measure the web user experience, as they indicate how long the user waits for the server to respond to their request. This is the time taken, in seconds, to receive the full response from the server. It is equivalent to the time taken by the client to connect to the server and receive the response, including image, script and stylesheet.

**The page download time is the time taken, in seconds, to receive the full response of the page including image, script and stylesheet from the first byte of the server response.

X-Cart benchmarking

Home Page Load

                     | Default X-Cart | DSEFU  | XCSEO Pro | CDSEO Pro
Load Time (seconds)  | 0.8402         | 0.8583 | 1.3967    | 0.8697
Used Memory (Mb)     | 4.699          | 5.112  | 5.561     | 5.033

Category Page Load

                     | Default X-Cart | DSEFU  | XCSEO Pro | CDSEO Pro
Load Time (seconds)  | 1.0622         | 1.2547 | 1.3082    | 1.1657
Used Memory (Mb)     | 4.745          | 5.162  | 5.212     | 5.042

Product Page Load

                     | Default X-Cart | DSEFU  | XCSEO Pro | CDSEO Pro
Load Time (seconds)  | 0.7785         | 0.8600 | 0.9214    | 0.8611
Used Memory (Mb)     | 4.698          | 5.110  | 5.043     | 5.017

Stress Test Page (with 4000 urls)

                     | Default X-Cart | DSEFU  | XCSEO Pro | CDSEO Pro
Load Time (seconds)  | 1.7332         | 8.1023 | 16.9432   | 3.0918
Used Memory (Mb)     | 3.504          | 3.998  | 38.925    | 3.816

On default x-cart pages DSEFU and CDSEO Pro were comparable in loading time, while XCSEO was consistently slower. CDSEO Pro was the best on memory usage and by far the best under stress testing, ranking 250% better than DSEFU and more than 550% better than XCSEO. XCSEO Pro’s memory usage under stress testing was over 1000% more than the other two modules.

Conclusion

DSEFU is a cost-effective alternative to the HTML catalog that is easy to install and use. It has no additional options to optimize your store.

XCSEO is a good replacement for the HTML catalog. It gives you control if you need to create keyword-rich URLs in your store. Beyond custom URL input it doesn’t have any SEO options. Despite the fact that it is being marketed as the fastest of the bunch, it was the slowest module according to our performance tests. We cannot recommend it for busy stores.

CDSEO Pro was easy to install and provides the best set of SEO features. We loved the control it gives over the URL. We loved the fact that you can have custom title and meta tags for each page of your store. If you are serious about SEO, your store will require a great deal of further customization for SEO purposes when using DSEFU or XCSEO Pro, while CDSEO provides the majority of everything you need for onsite SEO in an easy to use administration. CDSEO Pro is clearly a winner and makes a complete SEO solution for your xcart.

                                   | HTML Catalog | CDSEO Pro        | DSEFU Pro     | XCSEO Pro
Cost/Installation                  | Free         | $199.99/$50.00*  | $49.95/$25.00 | $120/$30.00
Installation                       | n/a          |                  |               |
Performance                        |              |                  |               |
Features (overall)                 |              |                  |               |
Custom URL                         |              |                  |               |
Automatic 301 redirect             |              |                  |               |
Custom Title Tag                   |              |                  |               |
Custom Meta keyword                |              |                  |               |
Custom Meta description            |              |                  |               |
Overall score and value for money  | n/a          |                  |               |

Note: Accurate as of June 24, 2008

Limited Time Offer

Having performed search engine optimization on X-Cart for over 10 years, resulting in millions of dollars in increased revenue for clients, we at ASF Design Inc. will use CDSEO Pro for our xcart SEO and recommend that you use it also. In fact, we were so impressed by the CDSEO Pro product that we didn’t want price to be the only reason you used one of the competing modules. For that reason, we have negotiated a deal with WebsiteCM to offer CDSEO Pro to you at the price of $120.00 as a limited time offer (installation not included).

To apply for your discount, visit Custom Dynamic Search Engine Optimization (CDSEO Pro) for X-Cart and enter ASFDESIGN as your discount coupon during checkout.