|
X-Cart Sagepay Server method using iFrame
Hi Everybody,
We have developed a custom payment module (it does come up with only installation instructions, no user manual: so, it is not a module, at least we can not call it so) for "SagePay Server method". Due to PCI standards, now customers have to either use SagePay SIM or X-Payments module. You may find difficulties in setting up x-payments module. How it works: -> The customer clicks order now button -> Popup window (using shadowbox method & iframe) will be opened. The contents will be loaded from sagepay (unknown to the user), they are asked to enter their card details. -> Once they entered, payment is successful, the popup window is closed & redirected to invoice page. The solution is validated by SagePay team too. You can email us our sales team at sales@mercuryminds.com for any queries. This will cost only 49$ for the people who uses our one page checkout module and installation is also free. For other customers, please contact our sales team for pricing at sales@mercuryminds.com |
Re: X-Cart Sagepay Server method using iFrame
This is what sagepay say about their server interface
"Security: It is a secure HTTPS POST from your web server to the Sage Pay’s Test or Live servers, followed by a callback, enabling you to automate actions more freely. It is arguably the most secure of Sage Pay’s integration, combining the security of HTTPS POST with other anti-fraud features, ensuring that no tampering has taken place during the transaction." |
Re: X-Cart Sagepay Server method using iFrame
Quote:
What happens when your web server can not meet standards to process Credit Cards? This is where the problem comes, not with SagePay. |
Re: X-Cart Sagepay Server method using iFrame
Quote:
|
Re: X-Cart Sagepay Server method using iFrame
See this link for sagepay's take on it
http://www.sagepay.com/products_services/bolt_ons/pci_dss/which_level and http://www.sagepay.com/products_services/sage_pay_go/integration/inframe Note this is a UK gateway dealing with UK merchants. In the UK PCI compliance and in particular PA-DSS has not got the same deadline as in the USA. The UK is about 3 years behind. For example the absolute deadline for PCI compliance is September 2010 and PA-DSS certified applications has not been meantioned.... |
Re: X-Cart Sagepay Server method using iFrame
Quote:
Is it 3 years or 3 months? I think it is 3 months. Yes. UK customers are pushed now to meet the deadline (Sep'10 is not too long). |
Re: X-Cart Sagepay Server method using iFrame
Its 3 years according to the security report I read. The september deadline is to be PCI compliant. No meantion of PA-DSS applictaions. In the US you had to be PCI compliant a long time ago.
|
Re: X-Cart Sagepay Server method using iFrame
That looks Great: We need someone to Turbocharge our x-cart. We have 5,000 products, good google coverage, and 50,000 hits / month. We need a programmer to get us going- and we'll help to introduce them to our 10,000 plus customer base. We can't afford to keep throwing $200 + $200 install for Modules that don't work!- Let's be rock stars together- Jack Fitzgerald: CCO
Our eBay bill was $3,000 last Month. Get my Checkout working- Show me $5,000 in sales, and we'll put your Mod as a product on our Home Page for a Month. Go to google merchant center, and take a look for industryrecycles ... We need to find programs and products / partners who can make those 50,000 hits WORK! |
Re: X-Cart Sagepay Server method using iFrame
Looking at
http://usa.visa.com/download/merchants/payment_application_security_mandates_regions.pdf The deadline for UK is 2012, but if you are implimenting a new site it is better to go down this type of route. |
Re: X-Cart Sagepay Server method using iFrame
Quote:
|
Re: X-Cart Sagepay Server method using iFrame
Very True, But it also says
"These mandates apply to all Visa regions. Note: Visa Europe operates as an independent company and licensee of Visa Inc. for business operations in Visa Europe markets. Visa Europe is aligned with the Visa payment application security framework, but has implemented its own set of mandates to drive compliance validation with the security initiatives detailed in this article." Whatever that means. |
Re: X-Cart Sagepay Server method using iFrame
It means they are doing a lousy job of explaining that VISA Europe (umm, which includes western Europe only) sets its own rules and the bulletin only applies to all VISA, Inc. regions. The last question / answer in the PA-DSS mandate FAQ somewhat clears up the mud:
"In June 2009, Visa announced payment application security mandates for Visa regions including Latin America and Caribbean (LAC), Central and Eastern Europe, Middle East and Africa (CEMEA), and Asia Pacific (AP). These mandates do not supersede earlier deadlines and related enforcement programs already in place for the U.S. and Canada." |
Re: X-Cart Sagepay Server method using iFrame
So, in clear as mud terms, Visa Europe has set no deadlines, nor any requirement AS YET, to use a PA-DSS compliant payment application. BUT nothing stops them jumping on said bandwagon and imposing deadlines.
OR does it mean that although they have not yet set deadlines and they may set different and earlier deadlines they have to be on board by july 2012???? |
Re: X-Cart Sagepay Server method using iFrame
I haven't been able to find any official notice of a VISA Europe deadline but I did find a copy of a presentation by a VISA Europe tech nerd that says their deadline is December 2012. SInce its not hosted on the VISA Europe site I can't call it authoritative. Honestly, the best you can do is contact VISA Europe to get the answer straight from the horses mouth. I nudged ambal that way on this thread and he is researching it to get clear on deadlines throughout the world.
|
Re: X-Cart Sagepay Server method using iFrame
Both documents are interesting. What caught my eye however was the following paragraph
In addition Software as a Service (SaaS) solutions hosted competely at a third party are not within the scope of these mandates, provided that these solutions are hosted by a third party and no such configurations, controls or systems reside on the merchant’s or the agent’s systems. Instead, merchants must use PCI DSS compliant service providers to provide SaaS solutions. PA-DSS compliant payment applications must be used if any such configurations, controls or systems do reside at the merchant or agent location. Does this mean that you can use XCart without xpayments so long as it is provided as a SERVICE by you host??? p.s. I'm sorry we are way off topic now. |
Re: X-Cart Sagepay Server method using iFrame
Beats me if that's what VISA means. It sure seems silly if it does. If I were a service provider I would market a hosted shopping cart using software I purchased that wasn't PA-DSS compliant.
|
Re: X-Cart Sagepay Server method using iFrame
Quote:
i am looking to use the sage pay iframe payment system and am interested in purchasing your one page checkout. can you tell me how the iframe is integrated into your one page checkout - do customers stay on the same page and what changes are there to the look of you one page checkout when it is implemented. are there any demos or screenshots that i can take a look at? |
Re: X-Cart Sagepay Server method using iFrame
Drop an email to sales@mercuryminds.com. The sales team will send you the screen shots.
Thank you. Quote:
|
Re: X-Cart Sagepay Server method using iFrame
Quote:
how long does it normally take to respond? ive sent 2 emails and 2 support tickets, so 4 emails in total, with no response. i have an open ticket dating from the 14th and a 2nd ticket after you replied to this thread open since the 20th. |
Re: X-Cart Sagepay Server method using iFrame
Quote:
It shouldn't. There is something wrong in receiving your emails or in our system. Let me get back to you. PMing you now asking your email address. Thank you. |
| All times are GMT -8. The time now is 05:27 AM. |
Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.