cancel
Showing results for 
Search instead for 
Did you mean: 

Asking for Winforms Advice on Current Authorize.Net Integration Practices

I realize that this has been asked in older posts, but I am in need of updated information and some clarification on on a couple of items I have seen.

 

Quick overview:

I have a winforms application that is capturing CC data in an offline mode (i.e. NOT connected to the internet at the time of capture) when the business transaction occurrs (this is for an auction). Once the auction is over and all of the reconciliation has happened, the user goes online and processes the credit cards with the processor of choice.   I am currently using MagTek encrypted readers at the moment, specifically for using TSYS' processing APIs.  This way the CC data is completely encrypted and we don't have to worry about PCI compliancy.  This all works fine and I am very happy with it.

 

We'd like to add Authorize.Net to our processing options, but from what I am reading, both here in the community forums and over at Authorize.Net's main dev site's docs, I would have to use the AIM method (for lack of a better term) to capture CC data and then send that over the wire to the secure web address using XML.  However, I have not seen anything about using encrypted CC Data with Authorize.Net.  All I have seen is that the CC data is sent over the secure line in plain text and I'd be on the hook for PCI compliancy for the storage of unencrypted data.

 

So the questions I need clarification on are this:

  1. Has Authorize.Net started supporting encrypted CC data?  If so what devices are supported?
  2. Is the AIM method the only one available in this scenario?  If not, then what other options do I have?
  3. Can I use the CIM method and use the token generated for secure purchases? (If I have read that right.)
  4. If Authorize.Net does not support encryption then I am on the hook for PCI compliency.  Correct?

Thanks for any and all advice in advance!

 

Eric

DadTo2
Member
1 REPLY 1

Hello @DadTo2 

 

In answer to your questions:

  1. Yes, we do support encrypted transactions for a limited number of mobile devices.  See http://developer.authorize.net/hardware for details.  We are working with mulitple manufacturers to add support for their devices.
  2. For encrypted transactions, you will need to use AIM. See http://developer.authorize.net/api/reference 
  3. If you have customer profiles stored with CIM, you can use the payment profile or "token" to process transactions.
  4. For questions about PCI, I would recommend contacting your QSA to ensure you are following all of the latest requirements or you can contact our preferred partner TrustWave at http://www.authorize.net/qsa

Richard

RichardH
Administrator Administrator
Administrator