Sage Pay Form & Direct For Easier Online Payments

SagePay is ready for PSD2 & 3D Secure V2 ↑ Back to top

Jump to the 3D Secure 2 docs

Our SagePay Form/Direct plugin is two payment gateways in one, allowing you to use one or both to take payments with WooCommerce via SagePay UK.

You need to sign up for a SagePay UK account to use this plugin: www.sagepay.co.uk

Option 1: SagePay Form

  • Customer is redirected to SagePay to complete payment – simplifies PCI Compliance
  • SSL Certificate not required

Option 2: SagePay Direct

  • Customer stays onsite for entire transaction
  • SSL Certificate required
  • Supports WooCommerce Pre-Orders
  • Supports recurring payments for WooCommerce Subscriptions
  • Supports refunds in WooCommerce admin
  • Supports Tokens with WooCommerce 2.6 and higher
  • Capture Authorised transactions from within WooCommerce

Installation and Updating ↑ Back to top

For a new installation please review our extension installation guide

If you need to update the extension you can do this from your WordPress admin if you have connected the site to WooCommerce.com, you can read more about that here

You can also update manually by downloading the latest version from your WooCommerce account

Once you have the zip file downloaded you should deactivate and delete the existing version from your WordPress plugins page and then install the new version using the upload option. You will not lose any settings or data by updating this way.

Setup and Configuration ↑ Back to top

Go to the SagePay Form or SagePay Direct Settings page(s).

sagepay-settings

Configure the Settings – SagePay Form ↑ Back to top

Configure the settings page to suit your business. At a minimum, you must:

  1. Tick the Enable SagePay Form box
  2. Enter your Vendor Name (supplied by SagePay)
  3. Enter your Encryption Password (supplied by SagePay)
  4. Save.

Configure the Settings – SagePay Direct ↑ Back to top

Configure the settings page to suit your business. At a minimum, you must:

  1. Tick the Enable SagePay Direct box
  2. Enter your Vendor Name (supplied by SagePay)
  3. Save.

How to setup PayPal for SagePay Direct ↑ Back to top

Creating a PayPal test account
Enabling Sage Pay on your PayPal test account
Linking PayPal to your Live account

Once Sage have enabled PayPal on your account you will need to add PayPal as a card type in your WooCommerce SagePay settings.

Now your customers will see the PayPal option in the card type dropdown

IMPORTANT : PayPal will not show if there is a subscription product in the cart.

Testing ↑ Back to top

Place several test transactions to confirm that everything is working correctly. Once you have completed testing, contact SagePay about making your account live. SagePay will notify you when ready, and then you set the status to Live.

SagePay has a list of test cards you can use to carry out test transactions at: Test Card Details for Test Transactions.

Frequently Asked Questions ↑ Back to top

I’m getting a message of: MALFORMED 3045 : The Currency field is missing. ↑ Back to top

This is because you are using the wrong password in the Encryption Password field. SagePay sends you at least two passwords, one for your account and one encryption password. You need to use the second one.

I’m seeing a 5080 error when I get to Sage. ↑ Back to top

Normally this is a password issue, make sure you have the encryption passwords set correctly – the live and testing passwords should be different. If it’s not a password issue then check the PHP error logs.

My customers are seeing “Sage Request Failure Check the WooCommerce SagePay Settings for error messages” after paying with SagePay Form ↑ Back to top

This is usually due to a server plugin called SUHOSIN, you will need to edit PHP.ini on your server and change the following settings

to

My customers are returned to a blank screen after paying with SagePay Form ↑ Back to top

Are you using iThemes Security? Make sure to uncheck the “Long URL Strings” option.

iThemes Security Long Strings Option

Do I need to use SagePay Form and SagePay Direct? ↑ Back to top

No, you can use whichever method(s) you set up with SagePay.

Why do transactions that fail 3D Secure still show as approved? ↑ Back to top

Log into MySagePay (https://live.sagepay.com/mysagepay/login.msp) and check your 3D Secure rules. For example:

sagepay-3dsecure

4020 : Information received from an Invalid IP address ↑ Back to top

You must add the IP address of your hosting to MySagePay. If you don’t know the IP address, you can obtain it from here http://www.hcidata.info/host2ip.cgi

Add IP Address

Surcharges and SagePay Form ↑ Back to top

The surcharge settings have been removed from the SagePay Form settings. To bring them back you will need add the following function in your custom functions :

There are two filters available to allow for conditional application of the surcharges and conditional modification of the surcharges.

To set when the surcharges should be applied use :

apply_filters( 'woocommerce_sagepayform_apply_surcharges', true, $order, $sage_pay_args_array );

To modify the surcharge XML use :

apply_filters( 'woocommerce_sagepayform_modify_surcharges', $surchargexml, $order, $sage_pay_args_array, $cardtypes );

Version 3.2.1 ↑ Back to top

With Version 3.2.1 the SagePay Direct checkout form was changed to include a drop down for card type. Sage requires that the card type is included in the transaction information. Previously this was done by checking the first 6 digits of the card number using a 3rd party service BIN List (https://en.wikipedia.org/wiki/Bank_card_number) Unfortunately this service has proved to be occasionally unreliable and so has been replaced by the drop down.

Tokens ↑ Back to top

As of version 3.3.0 tokens are supported with SagePay Direct. Your site will need to be running WooCommerce 2.6.0 or higher.

Tokens must be enabled on your SagePay account before your site will be able to use them.

The card details are not stored on your site, only the token from Sage, the last four digits of the card number and the expiry date. You will not be able to store the CV2 number so this is not used during transactions that use a token, it will be checked when the token is created.

3D Secure will only be checked when the token is created, not for subsequent transactions using the token.

Tokens can also be used for Subscription payments making it easier for your customers to change their card details on your site.

Fraud Screening in SagePay Direct ↑ Back to top

Sage provide some fraud screening during the payment process. If they flag a transaction then the order status will be changed during the checkout process to alert you. You will need to login to MySagePay to confirm that you are prepared to ship the order or that you need to cancel it. Once you have reviewed the reasons for the fraud notification you can go back to WooCommerce and update the order as necessary.

You can read about the way transactions are scored by Sage here

“Checks” column ↑ Back to top

This section displays the status of checks done by Sage, previously this information was only included in the order notes. You will see

which will allow you to quickly check that the address, postcode, CV2 and 3D Secure information where all provided correctly. Green indicates correct, yellow indicates not checked and red indicates the information provided by the customer was incorrect. It is up to you to decide how to proceed if the icons are not green. Please note, renewal orders for subscription payments may not be all green as the checks are not re-done.

Note: This information may not be available or may be incomplete for orders placed before version 3.4.0 was installed. It has always been included in the transaction information in the order notes.

3D Secure 2 setup and testing ↑ Back to top

Setup ↑ Back to top

SagePay has not enabled 3D Secure 2 on their live servers, you can test Protocol 4 and 3D Secure 2 but you will not be able to process live transactions at this time. Sage will be in touch when they are ready for live transactions.

  1. In the WooCommerce SagePay Direct settings, make sure you have the VPS Protocol option set to “4.00”
  2. Make sure you have set up 3D Secure rules in the LIVE and TEST MySagePay. You can read more about setting up the rules on the SagePay website

Testing ↑ Back to top

To place test orders using 3D Secure 2.0 you will need to be in “testing”

Then you can choose the “Magic Value” in the drop down

Each value in the drop down will give a different result for a test transaction.

Magic Value 3DSecureStatus Description
SUCCESSFUL OK This is returned for a frictionless flow where authentication is successful
NOTAUTH NOTAUTHED This is returned for a frictionless flow where authentication is NOT successful
CHALLENGE Status=3DAUTH
3DSecureStatus=OK
This is returned for a challenge flow, where the cardholder will be re-directed to the ACS to enter two-factor authentication. A CReq, VPSTxId, ACSURL and StatusDetail will also be returned.
Once you re-direct to the ACSURL, entering the correct password displayed on the site will simulate a successful authentication, entering any other password will simulate an un-successful authentication.
PROOFATTEMPT ATTEMPTONLY The cardholder attempted to authenticate themselves, but the process did not complete. A CAVV is returned and this is treated as being successfully authenticated.
NOTENROLLED NOAUTH This means the card is not enrolled in the 3D-Secure scheme.
TECHNICALDIFFICULTIES INCOMPLETE 3D-Secure authentication was unable to complete. No authentication occurred.
STATUS201DS Fallback to 3DSv1 Simulates fallback to 3DSv1. You will receive a PAReq, MD, ACSURL and StatusDetail
ERROR ERROR Simulates an error condition where 3D-Authentication cannot be performed due to data errors or service unavailability in one of the parties involved in the check

Test Cards ↑ Back to top

You will always receive an OK response and an Authorisation Code from the test server if you are using one of the test cards listed below. All other valid card numbers will be declined, allowing you to test your failure pages.

If you do not use the Address, Postcode and Security Code listed below, the transaction will still authorise, but you will receive NOTMATCHED messages in the AVS/CV2 checks, allowing you to test your rulebases and fraud specific code.

There are different cards for Visa and MasterCard to simulate the possible 3D-Secure responses.

Billing Address 1: 88 The Street
Billing Post Code: ST41 2PQ
Security Code: 123
Valid From: Any date in the past
Expiry Date: Any date in the future

Payment Method Card Number CardType Response 3D-Secure Response (VERes)
Visa 4929 0000 0000 6 VISA Y
Visa 4929 0000 0555 9 VISA N
Visa 4929 0000 0001 4 VISA U
Visa 4929 0000 0002 2 VISA E
Visa Corporate 4484 0000 0000 2 VISA N
Visa Debit 4462 0000 0000 0003 DELTA Y
Visa Electron 4917 3000 0000 0008 UKE Y
MasterCard 5404 0000 0000 0001 MC Y
MasterCard 5404 0000 0000 0043 MC N
MasterCard 5404 0000 0000 0084 MC U
MasterCard 5404 0000 0000 0068 MC E
Debit MasterCard 5573 4700 0000 0001 MCDEBIT Y
Maestro (UK Issued) 6759 0000 0000 5 MAESTRO Y
Maestro (German Issued) 6705 0000 0000 8 MAESTRO Y
Maestro (Irish Issued) 6777 0000 0000 7 MAESTRO Y
Maestro (Spanish Issued) 6766 0000 0000 0 MAESTRO Y
American Express 3742 0000 0000 004 AMEX N/A
Diners Club / Discover 3600 0000 0000 08 DC N/A
JCB 3569 9900 0000 0009 JCB N/A
PayPal Use your own PayPal Sandbox PAYPAL N/A

Feedback and feature requests ↑ Back to top

For feedback on the SagePay Form/Direct gateway, this documentation or for feature requests please email support@chromeorange.co.uk

Questions & Support ↑ Back to top

Have a question before you buy? Please fill out this pre-sales form.

Already purchased and need some assistance? Get in touch the developer via the Help Desk.

WooCommerce - the most customizable eCommerce platform for building your online business.

Back to the top