Member
Posts: 6
Registered: ‎05-16-2016

PCI Compliance

Does anyone know who I can reach out to at Authorize.Net to discuss what type of PCI compliance issues I might have with the implementation I want to use?

Thank you.

Member
Posts: 6
Registered: ‎05-16-2016

Re: PCI Compliance

Okay, if no one seems to have an answer on who to contact, maybe you can kind of help with the dilemma.

What type of PCI Compliance will I have with storing Customer Profile Id?

What type of PCI Compliance will I have with using Customer Profile Id and Payment Profile Id to create ARB Subscriptions and/or transactions based on the Ids on my server?

Take into account that the only information we are using is the profile Ids; we want to use the CIM Hosted forms for the user to enter their CC information / billing address. None of that gets sent to our server. The only thing we will have initially is a customer profile ID, which is created on our server via the email address they enter.

Also, how secure is getHostedPageToken and sending that to the view (we use .Net/C#)? What is stopping someone else from grabbing that token and using it?

Thank you.

Member
Posts: 5
Registered: ‎03-07-2017

Re: PCI Compliance

I would like to learn more about what this means as well, jsstudz.

Like you, I have a client who is not storing credit card information, but they are storing transaction IDs, and in the future we are talking about storing the customer profile IDs to be used for purchasing items in their online store.

Did you ever determine the requirements for being PCI Compliant in the scenario you described?

Thanks.