Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Any potential pitfalls using the new SagePay Direct module?


gavin_creative

Recommended Posts

Hi Harald,

 

Sorry if this sounds a bit silly, but is it possible to perform testing using the SagePay Direct osCommerce module without having the Private IP & SSL setup? I am in the process of getting this setup but waiting for this to be setup by one of other technical guys and wondered if I can maybe run this in Simulator mode for the time being?

 

Thanks,

Gav

Link to comment
Share on other sites

Hi Gavin..

 

It should be possible to test the module in Simulation mode without an SSL certificate. The IP address of your setup must however be entered in your Sage Pay Merchant Account settings.

 

Here is the test credit card number that can be used:

 

Card Type: VISA

Card Number: 4929000000006

CV2: 123

 

Kind regards,

:heart:, osCommerce

Link to comment
Share on other sites

  • 2 weeks later...
Hi Gavin..

 

It should be possible to test the module in Simulation mode without an SSL certificate. The IP address of your setup must however be entered in your Sage Pay Merchant Account settings.

 

Hi Harald, this 'Sage Pay Merchant Account' - would I be right in saying this is within Sage Pay's own site rather than the osCommerce administration section?

Link to comment
Share on other sites

Hi Harald, this 'Sage Pay Merchant Account' - would I be right in saying this is within Sage Pay's own site rather than the osCommerce administration section?
Not Harald, but I can answer this: yes, that's in the settings on the Sage Pay site. You are essentially giving it a whitelist of IPs that can process payments on your account. Apparently Sage Pay will reject payment requests from other IPs.

 

When you sign up for a simulator account, they should send you a link to the simulator which you can use to change settings, etc.

Always back up before making changes.

Link to comment
Share on other sites

  • 3 weeks later...

Hello

 

My concerns with this system are to do with PCIDSS compliance. If you are not holding or passing any credit card details anywhere then you are ok. If you are using this direct Sagepay module then you will have to pass the sensitive credit card data to Sagepay. Unless you are 100% sure that your site coding and SSL is water tight then there is always a chance you will have problems. If you once have a leak of data and the relevant people deem you as un-compliant, then you are in line for harsh penalties such as massive fines or the inablity to process card online in future.

 

I noticed this module is certified... what exactly does that mean? what are the benefits of that?

 

Am I right to have these concerns about using the Direct version of Sagepay or am I paranoid? I would personally prefer customers not to leave my site as they do using Sagepay Form & Server but maybe that is a safer option and gets around the hurdles put up by the PCIDSS rules?

 

Thoughts anyone?

Link to comment
Share on other sites

Hello

 

My concerns with this system are to do with PCIDSS compliance. If you are not holding or passing any credit card details anywhere then you are ok. If you are using this direct Sagepay module then you will have to pass the sensitive credit card data to Sagepay. Unless you are 100% sure that your site coding and SSL is water tight then there is always a chance you will have problems. If you once have a leak of data and the relevant people deem you as un-compliant, then you are in line for harsh penalties such as massive fines or the inablity to process card online in future.

 

I noticed this module is certified... what exactly does that mean? what are the benefits of that?

 

Am I right to have these concerns about using the Direct version of Sagepay or am I paranoid? I would personally prefer customers not to leave my site as they do using Sagepay Form & Server but maybe that is a safer option and gets around the hurdles put up by the PCIDSS rules?

 

Thoughts anyone?

 

The SagePay server module loads the payment pages within an iframe on your site, so the customer does not actually leave your site, but their payment info is still input directly onto sagepay hosted pages. It therefore only has the same PCI audit requirements as the form module whilst giving a similar feel to the server module (although not quite as slick)

Link to comment
Share on other sites

Hi,

 

Please see this post: -

 

http://www.oscommerce.com/forums/topic/346355-sage-pay-and-pci/

 

Many thanks,

 

John.

 

Hello

 

My concerns with this system are to do with PCIDSS compliance. If you are not holding or passing any credit card details anywhere then you are ok. If you are using this direct Sagepay module then you will have to pass the sensitive credit card data to Sagepay. Unless you are 100% sure that your site coding and SSL is water tight then there is always a chance you will have problems. If you once have a leak of data and the relevant people deem you as un-compliant, then you are in line for harsh penalties such as massive fines or the inablity to process card online in future.

 

I noticed this module is certified... what exactly does that mean? what are the benefits of that?

 

Am I right to have these concerns about using the Direct version of Sagepay or am I paranoid? I would personally prefer customers not to leave my site as they do using Sagepay Form & Server but maybe that is a safer option and gets around the hurdles put up by the PCIDSS rules?

 

Thoughts anyone?

Link to comment
Share on other sites

  • 8 months later...

Hello.

 

I urgently require someone to install the newest version of Sagepay direct correctly onto my Cre Loaded store, fresh install 6.4.1

I have installed the latest version but it is not passing all the data properly so Sagepay have advised.

I am using One Page Checkout...

 

I know this is an OsCommerce forum, but you guys understand it better than anyone.

 

I will PAY for someone to fix this - As long as the price is reasonable.

Please PM me if you want the work with a price and timescale, if the price is good we can start right away.

 

Thanks

Link to comment
Share on other sites

Forgive me Harald but I couldn't find my answer on the forum..

 

Is Sage Pay Direct for integrating realtime payments with the Sage Software like Peachtree with the Sage Co. transaction server?? I am assuming that it is, but can you confirm this for me.

 

example: http://www.peachtree.com/productsServices/acceptCreditCards/

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...