Reply
Highlighted
Contributor
Posts: 42
Registered: ‎09-26-2015
Accepted Solution

Is createAIMTransaction Secure

Does AIM's createAIMTransaction communicate securly to Authorize.Net and if so do I need to configure anything on my end to enable the secure transaction?  My web sever is secured with a cert but it acts as a gateway to Authorize.Net and I want to check the communications between my server and Authorize.Net's servers (not the client browser to my web site) are secured.

 

 


Accepted Solutions
Solution
Accepted by topic author zappullae59
‎12-05-2016 10:25 AM
All Star
Posts: 699
Registered: ‎11-03-2016

Re: Is createAIMTransaction Secure

Hi @zappullae59,

 

When your server sends a transaction to the Authorize.Net server, your server is acting as the client, and is connecting to a https: URL at Authorize.Net. So, your server is doing the same thing that a browser would in that situation. It negotiates a secure encrypted connection to the Authorize.Net server using TLS, and then sends and receives information securely over that connection.

 

There's nothing else you need to do to enable that on your end. Basically, if your system can successfully connect and send a transaction, then it's working securely.

 

Future concerns:

At some point in the future, all payment processors will be required to tighten their security and only use the latest most secure version of TLS, TLS v1.2. The date that everyone's required to meet has been changed recently, so we don't have an exact date of when we will require that on our end. See https://community.developer.authorize.net/t5/News-and-Announcements/Update-Regarding-TLS-Remediation...

 

When we do reconfigure things on our end to require TLS 1.2, that might require some changes on your end. Usually, it's as simple as just making sure you have an up to date version of Java or .NET or whatever other application environment you're using on your end. More details about dates on our end will be communicated as we get closer to the PCI Security Standards Council's deadline.

View solution in original post


All Replies
Solution
Accepted by topic author zappullae59
‎12-05-2016 10:25 AM
All Star
Posts: 699
Registered: ‎11-03-2016

Re: Is createAIMTransaction Secure

Hi @zappullae59,

 

When your server sends a transaction to the Authorize.Net server, your server is acting as the client, and is connecting to a https: URL at Authorize.Net. So, your server is doing the same thing that a browser would in that situation. It negotiates a secure encrypted connection to the Authorize.Net server using TLS, and then sends and receives information securely over that connection.

 

There's nothing else you need to do to enable that on your end. Basically, if your system can successfully connect and send a transaction, then it's working securely.

 

Future concerns:

At some point in the future, all payment processors will be required to tighten their security and only use the latest most secure version of TLS, TLS v1.2. The date that everyone's required to meet has been changed recently, so we don't have an exact date of when we will require that on our end. See https://community.developer.authorize.net/t5/News-and-Announcements/Update-Regarding-TLS-Remediation...

 

When we do reconfigure things on our end to require TLS 1.2, that might require some changes on your end. Usually, it's as simple as just making sure you have an up to date version of Java or .NET or whatever other application environment you're using on your end. More details about dates on our end will be communicated as we get closer to the PCI Security Standards Council's deadline.

Contributor
Posts: 42
Registered: ‎09-26-2015

Re: Is createAIMTransaction Secure

Thank you Aaron.