X-Cart Sagepay Server method using iFrame

MercuryMindsSales · #1 06-30-2010, 02:15 AM

Hi Everybody,

We have developed a custom payment module (it does come up with only installation instructions, no user manual: so, it is not a module, at least we can not call it so) for "SagePay Server method".

Due to PCI standards, now customers have to either use SagePay SIM or X-Payments module. You may find difficulties in setting up x-payments module.

How it works:

-> The customer clicks order now button
-> Popup window (using shadowbox method & iframe) will be opened. The contents will be loaded from sagepay (unknown to the user), they are asked to enter their card details.
-> Once they entered, payment is successful, the popup window is closed & redirected to invoice page.

The solution is validated by SagePay team too.

You can email us our sales team at sales@mercuryminds.com for any queries.

This will cost only 49$ for the people who uses our one page checkout module and installation is also free.

For other customers, please contact our sales team for pricing at sales@mercuryminds.com

kulture · #2 06-30-2010, 05:24 AM

This is what sagepay say about their server interface

"Security: It is a secure HTTPS POST from your web server to the Sage Pay’s Test or Live servers, followed by a callback, enabling you to automate actions more freely.
It is arguably the most secure of Sage Pay’s integration, combining the security of HTTPS POST with other anti-fraud features, ensuring that no tampering has taken place during the transaction."

Dongan · #3 06-30-2010, 07:39 AM

Quote:

Originally Posted by kulture

This is what sagepay say about their server interface

"Security: It is a secure HTTPS POST from your web server to the Sage Pay▓s Test or Live servers, followed by a callback, enabling you to automate actions more freely.
It is arguably the most secure of Sage Pay▓s integration, combining the security of HTTPS POST with other anti-fraud features, ensuring that no tampering has taken place during the transaction."

What happens when your web server can not meet standards to process Credit Cards? This is where the problem comes, not with SagePay.

geckoday · #4 06-30-2010, 08:02 AM

Quote:

Originally Posted by Dongan

What happens when your web server can not meet standards to process Credit Cards? This is where the problem comes, not with SagePay.

With the SagePay iframe approach the customer broswer posts the credit card data direct to SagePay's servers. So your server never processes, transmits or stores credit card data and is not subject to PCI-DSS requirements.

kulture · #5 06-30-2010, 08:40 AM

See this link for sagepay's take on it

http://www.sagepay.com/products_services/bolt_ons/pci_dss/which_level

and

http://www.sagepay.com/products_services/sage_pay_go/integration/inframe

Note this is a UK gateway dealing with UK merchants. In the UK PCI compliance and in particular PA-DSS has not got the same deadline as in the USA. The UK is about 3 years behind. For example the absolute deadline for PCI compliance is September 2010 and PA-DSS certified applications has not been meantioned....

Dongan · #6 06-30-2010, 07:14 PM

Quote:

Originally Posted by kulture

See this link for sagepay's take on it

http://www.sagepay.com/products_services/bolt_ons/pci_dss/which_level

and

http://www.sagepay.com/products_services/sage_pay_go/integration/inframe

Note this is a UK gateway dealing with UK merchants. In the UK PCI compliance and in particular PA-DSS has not got the same deadline as in the USA. The UK is about 3 years behind. For example the absolute deadline for PCI compliance is September 2010 and PA-DSS certified applications has not been meantioned....

Is it 3 years or 3 months? I think it is 3 months. Yes. UK customers are pushed now to meet the deadline (Sep'10 is not too long).

kulture · #7 07-01-2010, 01:15 AM

Its 3 years according to the security report I read. The september deadline is to be PCI compliant. No meantion of PA-DSS applictaions. In the US you had to be PCI compliant a long time ago.

industryrecycles · #8 07-01-2010, 11:03 AM

That looks Great: We need someone to Turbocharge our x-cart. We have 5,000 products, good google coverage, and 50,000 hits / month. We need a programmer to get us going- and we'll help to introduce them to our 10,000 plus customer base. We can't afford to keep throwing $200 + $200 install for Modules that don't work!- Let's be rock stars together- Jack Fitzgerald: CCO

Our eBay bill was $3,000 last Month. Get my Checkout working- Show me $5,000 in sales, and we'll put your Mod as a product on our Home Page for a Month. Go to google merchant center, and take a look for industryrecycles ...

We need to find programs and products / partners who can make those 50,000 hits WORK!

kulture · #9 07-01-2010, 12:23 PM

Looking at
http://usa.visa.com/download/merchants/payment_application_security_mandates_regions.pdf

The deadline for UK is 2012, but if you are implimenting a new site it is better to go down this type of route.

geckoday · #10 07-02-2010, 05:40 AM

Quote:

Originally Posted by kulture

Looking at
http://usa.visa.com/download/merchants/payment_application_security_mandates_regions.pdf

The deadline for UK is 2012, but if you are implimenting a new site it is better to go down this type of route.

That bulletin only applies to VISA, Inc., not VISA Europe which is separate company that licenses the VISA brand. I don't believe VISA Europe has announced a PA-DSS compliance deadline yet but I'm not certain. I couldn't find anything on it on their web site.