Jump to content
Sign in to follow this  
gavin_creative

Any potential pitfalls using the new SagePay Direct module?

Recommended Posts

Hi guys,

 

I am shortly going to be integrating osCommerce 2.2 with the new SagePay Direct module for the first time - has anyone installed this yet? If so do you have any advice, or any obvious pitfalls that I may face?

 

Cheers :)

Share this post


Link to post
Share on other sites

Hi Gavin..

 

I have worked closely with John Fitchett at Sage Pay on the new modules. The new modules are certified and are recommended to use in a production environment.

 

Kind regards,


:heart:, osCommerce

Share this post


Link to post
Share on other sites

Hi Harald,

 

Sorry if this sounds a bit silly, but is it possible to perform testing using the SagePay Direct osCommerce module without having the Private IP & SSL setup? I am in the process of getting this setup but waiting for this to be setup by one of other technical guys and wondered if I can maybe run this in Simulator mode for the time being?

 

Thanks,

Gav

Share this post


Link to post
Share on other sites

Hi Gavin..

 

It should be possible to test the module in Simulation mode without an SSL certificate. The IP address of your setup must however be entered in your Sage Pay Merchant Account settings.

 

Here is the test credit card number that can be used:

 

Card Type: VISA

Card Number: 4929000000006

CV2: 123

 

Kind regards,


:heart:, osCommerce

Share this post


Link to post
Share on other sites
Hi Gavin..

 

It should be possible to test the module in Simulation mode without an SSL certificate. The IP address of your setup must however be entered in your Sage Pay Merchant Account settings.

 

Hi Harald, this 'Sage Pay Merchant Account' - would I be right in saying this is within Sage Pay's own site rather than the osCommerce administration section?

Share this post


Link to post
Share on other sites
Hi Harald, this 'Sage Pay Merchant Account' - would I be right in saying this is within Sage Pay's own site rather than the osCommerce administration section?
Not Harald, but I can answer this: yes, that's in the settings on the Sage Pay site. You are essentially giving it a whitelist of IPs that can process payments on your account. Apparently Sage Pay will reject payment requests from other IPs.

 

When you sign up for a simulator account, they should send you a link to the simulator which you can use to change settings, etc.


Always back up before making changes.

Share this post


Link to post
Share on other sites

Hello

 

My concerns with this system are to do with PCIDSS compliance. If you are not holding or passing any credit card details anywhere then you are ok. If you are using this direct Sagepay module then you will have to pass the sensitive credit card data to Sagepay. Unless you are 100% sure that your site coding and SSL is water tight then there is always a chance you will have problems. If you once have a leak of data and the relevant people deem you as un-compliant, then you are in line for harsh penalties such as massive fines or the inablity to process card online in future.

 

I noticed this module is certified... what exactly does that mean? what are the benefits of that?

 

Am I right to have these concerns about using the Direct version of Sagepay or am I paranoid? I would personally prefer customers not to leave my site as they do using Sagepay Form & Server but maybe that is a safer option and gets around the hurdles put up by the PCIDSS rules?

 

Thoughts anyone?

Share this post


Link to post
Share on other sites

Hello

 

My concerns with this system are to do with PCIDSS compliance. If you are not holding or passing any credit card details anywhere then you are ok. If you are using this direct Sagepay module then you will have to pass the sensitive credit card data to Sagepay. Unless you are 100% sure that your site coding and SSL is water tight then there is always a chance you will have problems. If you once have a leak of data and the relevant people deem you as un-compliant, then you are in line for harsh penalties such as massive fines or the inablity to process card online in future.

 

I noticed this module is certified... what exactly does that mean? what are the benefits of that?

 

Am I right to have these concerns about using the Direct version of Sagepay or am I paranoid? I would personally prefer customers not to leave my site as they do using Sagepay Form & Server but maybe that is a safer option and gets around the hurdles put up by the PCIDSS rules?

 

Thoughts anyone?

 

The SagePay server module loads the payment pages within an iframe on your site, so the customer does not actually leave your site, but their payment info is still input directly onto sagepay hosted pages. It therefore only has the same PCI audit requirements as the form module whilst giving a similar feel to the server module (although not quite as slick)

Share this post


Link to post
Share on other sites

Hi,

 

Please see this post: -

 

http://forums.oscommerce.com/topic/346355-sage-pay-and-pci/

 

Many thanks,

 

John.

 

Hello

 

My concerns with this system are to do with PCIDSS compliance. If you are not holding or passing any credit card details anywhere then you are ok. If you are using this direct Sagepay module then you will have to pass the sensitive credit card data to Sagepay. Unless you are 100% sure that your site coding and SSL is water tight then there is always a chance you will have problems. If you once have a leak of data and the relevant people deem you as un-compliant, then you are in line for harsh penalties such as massive fines or the inablity to process card online in future.

 

I noticed this module is certified... what exactly does that mean? what are the benefits of that?

 

Am I right to have these concerns about using the Direct version of Sagepay or am I paranoid? I would personally prefer customers not to leave my site as they do using Sagepay Form & Server but maybe that is a safer option and gets around the hurdles put up by the PCIDSS rules?

 

Thoughts anyone?

Share this post


Link to post
Share on other sites

Hello.

 

I urgently require someone to install the newest version of Sagepay direct correctly onto my Cre Loaded store, fresh install 6.4.1

I have installed the latest version but it is not passing all the data properly so Sagepay have advised.

I am using One Page Checkout...

 

I know this is an OsCommerce forum, but you guys understand it better than anyone.

 

I will PAY for someone to fix this - As long as the price is reasonable.

Please PM me if you want the work with a price and timescale, if the price is good we can start right away.

 

Thanks

Share this post


Link to post
Share on other sites

Forgive me Harald but I couldn't find my answer on the forum..

 

Is Sage Pay Direct for integrating realtime payments with the Sage Software like Peachtree with the Sage Co. transaction server?? I am assuming that it is, but can you confirm this for me.

 

example: http://www.peachtree.com/productsServices/acceptCreditCards/

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×