What is Sage Pay Go with Direct integration?

The Direct integration method with Sage Pay Go is designed to enable you to take card details on your own secure servers and pass them across to us for authorisation and secure storage in a server-to-server session that does not involve redirecting the shopper to the Sage Pay payment pages. This enables you to white-label the payment process. Your shopper never leaves your site and they do not necessarily know that Sage Pay is authorising the transaction on your behalf, although in practice many vendors choose to tell their shoppers in case they have concerns about card security.

To use Direct you will need a 128-bit SSL certificate to secure your payment pages. These can be obtained from a number of sources, including Trustwave. We have been working with our own data security partner, Trustwave, to set up a program for Sage Pay customers to make PCI DSS compliance easy and cost effective.

You will also need to be able to make HTTPS POSTs from scripts on your server (using something like OpenSSL on Linux platforms, or the WinHTTP object in Win32). If you are hosting with a third party company we recommend you talk to them about these requirements before committing to use Direct. If you cannot install a certificate for your payment pages, we would recommend using Server instead. If you cannot perform HTTPS POSTs from your scripts, we would recommend Form.

Recently Visa, MasterCard and other major card schemes have introduced security audits to ensure that all merchants who collect credit card data comply with strict guidelines surrounding the collection and storage of credit card data.

Direct vendors collect credit card data on their own website and will be asked by their bank to undergo an audit to ensure that data is kept secure at all times.