Question about authorize.net and PCI

["Scott." <Sc...@anglolimited.com>]

Hello all,

We are very close to finalizing our method of credit card processing within
ofbiz and of course, PCI compliance is taking a front seat. We will be using
authorize.net as our gateway and they several different methods with regards
to integration. The easy thing would be to use the current supported method
but my preference would be to not store credit card info at all.

They are the Simple Checkout, Server Integration Method (SIM) and the
Advanced Integration Method (AIM). I believe that ofbiz natively supports
AIM. The main difference between the three is that from a PCI standpoint the
simple and the SIM method store the credit card data on the Authorize.Net
PCI-compliant servers thus eliminate the PCI compliance for our company. If
I am correct, the SIM method keeps your checkout pages looking the way they
were designed and being able to use the native ofbiz to actually charge
authorizations, etc.

Has anyone implemented this with ofbiz successfully? How much trouble will
be to modify the ofbiz payment services not to store/read any sensitive
credit card information. 

Thanks in advance for any thoughts.

-- 
View this message in context: http://n4.nabble.com/Question-about-authorize-net-and-PCI-tp276274p276274.html
Sent from the OFBiz - User mailing list archive at Nabble.com.

Re: Question about authorize.net and PCI

[Tim Ruppert <ti...@hotwaxmedia.com>]

I'm not sure about your specific needs here being provided OOTB, but  
we recently added the ability to clean out the actual credit card  
information.  I think that Scott did this at the product store level  
and we're using Authorize.net in this capacity.  Sorry, I can't  
remember the flag off the top of my head - but I know that it was  
around June of this year.

Cheers,
Ruppert
--
Tim Ruppert
HotWax Media
http://www.hotwaxmedia.com

o:801.649.6594
f:801.649.6595

On Oct 22, 2009, at 9:47 AM, Scott. wrote:

>
> Hello all,
>
> We are very close to finalizing our method of credit card processing  
> within
> ofbiz and of course, PCI compliance is taking a front seat. We will  
> be using
> authorize.net as our gateway and they several different methods with  
> regards
> to integration. The easy thing would be to use the current supported  
> method
> but my preference would be to not store credit card info at all.
>
> They are the Simple Checkout, Server Integration Method (SIM) and the
> Advanced Integration Method (AIM). I believe that ofbiz natively  
> supports
> AIM. The main difference between the three is that from a PCI  
> standpoint the
> simple and the SIM method store the credit card data on the Authorize.Net
> PCI-compliant servers thus eliminate the PCI compliance for our  
> company. If
> I am correct, the SIM method keeps your checkout pages looking the  
> way they
> were designed and being able to use the native ofbiz to actually  
> charge
> authorizations, etc.
>
> Has anyone implemented this with ofbiz successfully? How much  
> trouble will
> be to modify the ofbiz payment services not to store/read any  
> sensitive
> credit card information.
>
> Thanks in advance for any thoughts.
>
> -- 
> View this message in context: http://n4.nabble.com/Question-about-authorize-net-and-PCI-tp276274p276274.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.

Re: Question about authorize.net and PCI

["Scott." <Sc...@anglolimited.com>]

Thanks to all for the help. Its much appreciatd.

Scott. sent the following on 10/22/2009 8:47 AM:
> Hello all,
> 
> We are very close to finalizing our method of credit card processing
> within
> ofbiz and of course, PCI compliance is taking a front seat. We will be
> using
> authorize.net as our gateway and they several different methods with
> regards
> to integration. The easy thing would be to use the current supported
> method
> but my preference would be to not store credit card info at all.
> 
> They are the Simple Checkout, Server Integration Method (SIM) and the
> Advanced Integration Method (AIM). I believe that ofbiz natively supports
> AIM. The main difference between the three is that from a PCI standpoint
> the
> simple and the SIM method store the credit card data on the Authorize.Net
> PCI-compliant servers thus eliminate the PCI compliance for our company.
> If
> I am correct, the SIM method keeps your checkout pages looking the way
> they
> were designed and being able to use the native ofbiz to actually charge
> authorizations, etc.
> 
> Has anyone implemented this with ofbiz successfully? How much trouble will
> be to modify the ofbiz payment services not to store/read any sensitive
> credit card information. 
> 
> Thanks in advance for any thoughts.
> 

-- 
BJ Freeman
http://www.businessesnetwork.com/automation
http://bjfreeman.elance.com
http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro
Systems Integrator.




-- 
View this message in context: http://n4.nabble.com/Question-about-authorize-net-and-PCI-tp276274p276544.html
Sent from the OFBiz - User mailing list archive at Nabble.com.