PCI Compliance and XMPie uStore
Summary: This article describes how to approach PCI compliance with XMPie uStore.
Audience: XMPie, channels and customers
Overview and motivation
XMPie offers uStore as an eCommerce platform. In many cases, uStore customers (merchants) build online stores which include credit card clearing. When credit cards are being cleared, PCI (Payment Card Industry) compliance becomes a mandatory requirement. This article explains how to approach PCI compliance for your uStore-based stores.
uStore enables secure integration with clearing providers. Its integrated payment gateways allow merchants to securely transmit credit card data to leading payment gateways, which helps you with PCI requirements.
See List of payment gateways integrated into uStore.
The Redirect payment method (hosted payment gateways), where clearing is done in the payment gateway’s website, is incorporated in uStore and is helpful with regard to PCI requirements.
This method allows merchants to offer a seamless checkout process that satisfies most of the PCI requirements. Once a customer clicks the payment button at the store, they are redirected to the payment gateway’s website to fill in the payment details. Once the payment is completed, the customer is redirected back to the store to finish the checkout process. Thus, the payment forms are integrated into the checkout process, but no credit card data is captured or processed through the uStore application server.
As a result of this integration, uStore-based merchants that are hosted by XMPie are able to validate for compliance via self-assessment at the SAQ A or SAQ A-EP level rather than the more difficult SAQ D level.
In addition, XMPie, being the application developer, can provide a filled-in SAQ D form for requirements 6 and 12. For more information, please contact support@xmpie.com.
List of redirect payment gateways integrated into uStore
- Worldline
- PayPal REST
- AuthorizeNET
- MultiSafepay
- Stripe
- Mercado Pago
Consult each of these providers regarding their PCI responsibility matrix. This will help you understand the delineation of responsibilities between you, the payment gateway, and XMPie.
The twelve requirements of PCI
Since uStore is already geared towards supporting PCI compliance, you can easily meet the twelve PCI requirements. For a detailed explanation of these requirements, see PCI Security Standards.
For customers whose system is hosted by XMPie or who are using the StoreFlow Cloud service, XMPie takes care of network security and server security. uStore is a secured application that is developed following standard industry procedures.
Last updated by Mohammad Mansour: November, 2025