• You are unable, or do not wish, to maintain your own secure web servers and have chosen instead to have them managed by a third party hosting company.

Hosting companies already working with Sage Pay

• Your website is run from a shared system with the same web server delivering many different web sites. In these circumstances, an individual company has very limited abilities to install anything more than simple HTML pages and script files, and cannot normally install items outside their own user area (especially if this involves components that will affect the entire server).
  
  
• You do not wish for any sensitive information to be collected or stored on your site. This removes the need for you to maintain highly secure encrypted databases, obtain digital certificates and invest in high-level PCI DSS compliance.
  
  

• Quick and easy set up.
  
  How to integrate
  
  
• Sage Pay Go with Form integration supports XOR and AES encryption standards. Your web developer will be able to choose the encryption standard to best suit your business.
  
  
• It can be used on shared web servers.
  
  
• All transaction information is held at Sage Pay, including the full shopping basket contents. No data is collected, stored or transferred from your site, so you only have to take care of a basic level of PCI DSS compliance.
  
  
• e-mails can be sent automatically from the Sage Pay servers to you and your shoppers, confirming the success or failure of the transaction, which means you don’t have to do anything manually.
  
  
• Form integration can be handled using standard scripting languages like ASP, ASP.net, PERL, PHP JSP etc. Your developer will know which is best for your website.
  
  
• Many shopping carts are already compatible with Sage Pay Go and the Form integration.

  View list of shopping carts
  
  

• While this system is easier and quicker to integrate with than Server or Direct option, you should only consider it if you are prevented from working with Server. Server-to-server communication gives you greater control over customers’ shopping experience and more flexibility in managing your online transactions.
  
  
• Form integration should be used in conjunction with My Sage Pay administration and reporting tools for best results.
  
  
• Form integration is generally not recommended for merchants selling instantly downloadable products and in these instances Sage Pay Go with Server integration should be considered.
  
  
• For further information about any of our integration options email support@sagepay.com.

• Database compatibility: Server intergartion offers you a more advanced database compatibility, which means you can store more information about the transaction such as the amount, the products selected, the shopper’s contact details and the result of the authorisation supplied by Sage Pay.
  
  
• Customisation: The payment pages are fully customisable. Server integration also comes with inFrame technology, where our secure payment fields are framed by your branding, which means your customer doesn’t even move from your URL. This instantly reduces the need for high-level PCI DSS compliance and doesn’t compromise your customers’ shopping experience on your site.
  
  
• Security: It is a secure HTTPS POST from your web server to the Sage Pay’s Test or Live servers, followed by a callback, enabling you to automate actions more freely.
  
  
• It is arguably the most secure of Sage Pay’s integration, combining the security of HTTPS POST with other anti-fraud features, ensuring that no tampering has taken place during the transaction….
  
  More on Server security and functionality
  
  
• Customisable reports: Although My Sage Pay is an extremely useful reconciliation tool, you’re not limited to using it. With Server integration you can use your own customised reporting area, if you prefer.
  
  
• Automation: You can also use the information within the database to send remote requests for refunds and repeats, unlike Form where there is a reliance on My Sage Pay to perform refunds and repeat/releases) For example, with Server integration and some additional coding, you can create a button in your own software which will send a request to have a transaction refunded.
  
  

• Many web management companies do not wish to install specific components on their servers because of disruption of standard building procedures. In these instances the specific scripts and the dependent components required for Server and Direct integration cannot be installed.
  
  
• Sage Pay Go with Server integration is compatible with many shopping carts and e-commerce platforms, however some off-the-shelf shopping carts can only be used in conjunction with Form integration. Check with your shopping cart provider, or contact us at support@sagepay.com for more information.
  
  
  

• Direct integration is essentially a white-label payment service. It is the method in which you pass the data to Sage Pay, not the method in which you collect it, which means you have complete control over the look and feel of your payment pages.
  
  
• Your customer never leaves your site and they do not necessarily know that Sage Pay is authorising the transaction on your behalf. Although, in practice many vendors choose to tell their shoppers as many have concerns over card security.
  
  
• It is ideal for large companies with existing back office payment software, such as a call centre and want to integrate their payment system and manage the whole of the payment process internally.
  
  
  

• Security: You will need a 128-bit SSL certificate to secure your payment pages. These can be obtained from a number of sources including VeriSign and Thawte.
  
  
• You will also need to be able to make HTTPS POSTs from scripts on your server (using something like OpenSSL on Linux platforms, or the WinHTTP object in Win32). If you are hosting with a third party company we recommend you talk to them about these requirements before committing to Sage Pay Go with Direct integration.
  
  
• If you cannot install a certificate for your payment pages, we would recommend you consider Server integration with inFrame instead.
  
  
• If you cannot perform HTTPS POSTs from your scripts, we would recommend Sage Pay Go with Form integration.
  
  
• PCI DSS compliance: Because you are collecting, storing and transferring card data, you will need to comply with strict guidelines. Your bank will ask you to undergo an audit to ensure that data is kept secure at all times. This can be extremely costly, so if you do not wish to undergo such an audit, then outsourcing your payments by using our Server integration option and inFrame, could be a sensible alternative.
  
  Need help with PCI DSS compliance?