cancel
Showing results for 
Search instead for 
Did you mean: 

Merchant-Defined Data & Personal Identifying Information

My question is less a technical solution and more a policy question, so please forgive me if this is the wrong place to ask.

 

I have a need to include a list of invoice numbers to be associated with a transaction, rather than just a single invoice number. Having read the "SIM Developer Guide - January 2012" I believe using the Merchant-Defined Data fields would provide a simple solution.  My only concern is the warning about including personal identifying information. 

 

The invoice numbers I would be using are associated to an account, and NOT an individual.  Also the invoice number does NOT contain any, and is NOT derived from any personal identifying information. So I firmly believe that we would be following both the intent and letter of the guidelines, but this being my first time working with Authorize.Net I was hopping a staff member could comment.

 

Thank you for your time.

Chris McDonald

 

McDonaldChris
Member
1 ACCEPTED SOLUTION

Accepted Solutions

Any field which is represented in the official field list is allowed to be passed. Invoice number is one of those fields, therefore invoice numbers are okay to pass. The -quantity- of invoice numbers doesn't change anything.

 

You might have to wait a while if you want a post from an official employee, but they'll just say the same thing.

View solution in original post

TJPride
Expert
3 REPLIES 3

Any field which is represented in the official field list is allowed to be passed. Invoice number is one of those fields, therefore invoice numbers are okay to pass. The -quantity- of invoice numbers doesn't change anything.

 

You might have to wait a while if you want a post from an official employee, but they'll just say the same thing.

TJPride
Expert

Hey Chris,

 

I'll second what TJPride said. Merchant-Defined Fields (MDFs) can be used to submit additional order information, and Authorize.Net considers any field submitted that is NOT a part of our documentation to be an MDF.

 

That warning is to remind people that they should not be sending any kind of sensitive or personally identifying information in an MDF. For instance, a credit card number or a perhaps a social security number. That kind of information should only be submitted in a defined Authorize.Net field to help assure compliance with the Payment Card Industry Data Security Standard (PCI DSS). The reason is that MDFs are included in the merchant email receipt and in the transaction response, so there is a risk that the merchant’s emails could be intercepted to obtain the data and an increased possibility that data included in the MDF is not being handled by the merchant in accordance with PCI DSS.

 

Hope that helps.

 

Thanks,

 

Michelle

Developer Community Manager

I implemented using .net and tried passing MDF values in the payment. but could not find those in transaction details

Used this class, Ptsv2paymentsMerchantDefinedInformation

 

Thanks

Rafiq