Search

OUR API

API Developer Guides API Reference Sample Code [on GitHub]
SDKs [on GitHub] API Change Log System Change Log
Upgrade Guide

Hello World

Get Started Common Setup Questions How Payments Work
Testing Guide Go-Live Checklist

Support

Get Support News and Announcements Forums
Authorize.net on GitHub Authorize.net on Stack Overflow Developer Blog
Response (Error) Codes FAQs Knowledge Base

Sign In

Sandbox Affiliate

Search Developer Site

Integration and Testing

Authorize.Net API questions and help with your payment integration.

Reply
Member
DaveHatz
Posts: 2
Registered: ‎11-21-2014

If we move to CIM API, can we turn off Authorize.net from accepting Credit Card transactions?

‎11-21-2014 02:23 PM

We are looking to move to CIM API.  Once we go with Tokens instead of sending CC info, is there a way we can have our Authorize.net account not accept CC transactions?

 

We have a rogue IT person in our group that has obtained the Login and API keys we use now and he is processing customer transactions to make the company look bad with Customers.  We have changed the API Key, but I am sure he will get it again.  He is trying to make the company look bad.  

 

Once we go to Tokens, we will not store any CC info on our servers, but don't want him trying to process transactions with CC info he already has.

Message 1 of 3 (42,052 Views)
Reply
0 Kudos
RichardH
Posts: 2,765
Topics: 57
Kudos: 248
Blog Posts: 67
Registered: ‎12-05-2011

Re: If we move to CIM API, can we turn off Authorize.net from accepting Credit Card transactions?

‎11-21-2014 02:58 PM

Hello @DaveHatz 

 

Unfortunately, it's not currently possible to move completely away from accepting payment cards.

 

I would also recommend taking immediate steps to secure your server and access to credentials.

 

Richard

Message 2 of 3 (42,046 Views)
Reply
0 Kudos
Member
DaveHatz
Posts: 2
Registered: ‎11-21-2014

Re: If we move to CIM API, can we turn off Authorize.net from accepting Credit Card transactions?

‎11-21-2014 05:40 PM

Thanks for the quick reply Richard.    We are trying to figure out how he obtained the API Transaction Key and password and we are not exactly sure which 1 of our IT guys did it.  We know it came from within because only an IT User would have access to some of the information to process cards.  We have already changed the keys and are going to start using Tokens instead of the Credit Cards, which I recommended to CTO years ago, but why listen to me then :)

 

Unfortunately hacking is a little above my pay scale :)   We have had this site up for 7 or 8 years and I have never seen anything like this before.   Trying to figure out if we are passing information to auth.net that is not using HTTPS protocols now.   

 

Do you happen to know of any links that would help my analysis on how he might have done it?  I have look at WireShark and Fiddler, but not sure those will work using HTTPS.   

 

Thanks again for your help.

Message 3 of 3 (42,038 Views)
Reply
0 Kudos