X-Cart:Sage Pay
Contents
Overview
Sage Pay is a large UK-based internet payment service provider which offers a range of services allowing you to securely process credit card payments online. Among the acquiring banks for the Sage Pay gateway are Lloyds TSB, Bank of Scotland, HSBC, JCB, American Express and other banking institutions. Sage Pay provides a number of different options for website payments. X-Cart is currently integrated with the following products: Sage Pay Form and Sage Pay Direct. The major difference between the two protocols is where you host the payment pages for you store.
Sage Pay Form
With Sage Pay Form the payment pages are hosted on the side of Sage Pay; customers get redirected to the Sage Pay website during the purchase and enter their card details there. Sage Pay Form is generally recommended if you do not have enough resources to ensure adequate security of your your server/hosting account. You must choose Form if your shared hosting account lacks a dedicated IP address, dedicated SSL certificate and/or one of the supported HTTPS modules (Net::SSLeay, CURL, libCURL, OpenSSL or HTTPS-cli).
Sage Pay Direct
With Sage Pay Direct the payment pages are hosted together with the rest part of your store; the data is transferred to Sage Pay in the background mode and customers never leave your website during the purchase. If necessary, you can even use this advantage to white-label the payment process, although it is common practice that you tell your customers which provider is going to process their payment in case customers have concerns about card security.
To use Sage Pay Direct in your store you need:
- A dedicated IP address. Required to be able install a dedicated SSL certificate.
- A dedicated 128-bit SSL certificate to secure your payment pages. For recommended SSL certificate providers please check the X-Cart marketplace at http://marketplace.x-cart.com/.
- Any of the supported HTTPS modules (Net::SSLeay, CURL, libCURL, OpenSSL or HTTPS-cli) installed on your server.
You must also be aware that now Visa, MasterCard and other major card issuing authorities have introduced strict rules and guidelines that cover any activity on collecting and storing card details. Since with Sage Pay Direct you will be collecting sensitive card info on your website, you will need to comply these rules and guidelines and undergo an audit to ensure that the data is protected well. If you do not wish to undergo such an audit, outsource the collecting of card info to Sage Pay by using Sage Pay Form.
Obtaining a Sage Pay Account
If you have not registered an account with Sage Pay yet, you should do it before you start setting up Sage Pay in X-Cart. To open an account, go to the Sage Pay website at https://support.sagepay.com/apply/ and follow the instructions on the screen. After you have registered an account, you can set up Sage Pay Form or Sage Pay Direct in the X-Cart Admin area.
Alternatively, you can test Sage Pay without opening an account by using the gateway to the "simulator" operating mode.