Search

OUR API

API Developer Guides API Reference Sample Code [on GitHub]
SDKs [on GitHub] API Change Log System Change Log
Upgrade Guide

Hello World

Get Started Common Setup Questions How Payments Work
Testing Guide Go-Live Checklist

Support

Get Support News and Announcements Forums
Authorize.Net on GitHub Authorize.Net on Stack Overflow Developer Blog
Response (Error) Codes FAQs Knowledge Base

Sign In

Sandbox Affiliate

Search Developer Site

Integration and Testing

Authorize.Net API questions and help with your payment integration.

Reply
Member
brucerowe
Posts: 8
Registered: ‎01-20-2012

Using a card swipe with *SIM*

‎01-20-2012 02:30 PM

Due to the new PCI / DSS rules, we are removing the ability for our desktop app to use the Card Present / AIM method. We have converted our application to use the SIM interface.

 

SIM works well, but there is 1 problem. It does not support swiped transactions. If I tell our customers that they cannot use their card swipes, they will scream. They have good reasons:

1. Swiped transactions are faster and more accurate

2. A non-swiped (card not present) transaction is charged about ½ percent more for the merchant discount rate.

 

What we are looking for is a way to pass information back and forth - like in the SIM interface. The only difference is that with the swiped transaction, there would be a field on the Authorize.net for that could accept a card swipe.

 

It would work like this:

1. The initial form gets submitted with the fingerprint in a post (same as now). However, there would be another variable that indicated that a card swipe will be used.

2. Authorize.net will send the information back to display the payment gateway hosted payment form

3. The merchant would swipe the card and click submit.

4. Authorize.net returns the receipt (same as it does now).

 

The transactions would be faster, more accurate and PCI compliant. And, there is not much programming to be done.

 

This is a matter of some importance. We have several hundred merchants as customers. This issue is enough to force us to use another payment gateway.

 

Is there any way that we can stay with Authorize.net?

 

Thanks in advance.

 

Bruce

Message 1 of 8 (100,108 Views)
0 Kudos
TJPride
Posts: 1,609
Topics: 15
Kudos: 201
Solutions: 121
Registered: ‎06-23-2011

Re: Using a card swipe with *SIM*

‎01-20-2012 09:57 PM

I'm not understanding your issue with using AIM? In a card-present situation, the card information is already right there (you're holding it in your hand), and regardless of implementation method, is always going to pass through your computer on its way to the merchant system. How is using SIM going to reduce your PCI exposure at all?

Message 2 of 8 (100,100 Views)
0 Kudos
Member
brucerowe
Posts: 8
Registered: ‎01-20-2012

Re: Using a card swipe with *SIM*

‎01-21-2012 06:55 PM

The real problem is the way that the PCI compliance rules are worded. The regulations say that "any application that processes, stores or transmits card numbers" is affected. Using SIM is the most practical way to not transmit the card number. My application never sees the card number. All it gets is what Authorize.net sends back.

But, I can't use a card swipe.

 

Message 3 of 8 (100,091 Views)
0 Kudos
TJPride
Posts: 1,609
Topics: 15
Kudos: 201
Solutions: 121
Registered: ‎06-23-2011

Re: Using a card swipe with *SIM*

‎01-21-2012 08:44 PM

Hmm. How is the card data getting from your swiper to Authorize.net then?

Message 4 of 8 (100,087 Views)
0 Kudos
Member
brucerowe
Posts: 8
Registered: ‎01-20-2012

Re: Using a card swipe with *SIM*

‎01-22-2012 11:28 AM

I can't. The benefits of SIM are not available for swiped cards.

 

Swiped cards are only available for AIM. And, we cannot use AIM without certification which it too expensive.

 

 

Message 5 of 8 (100,080 Views)
0 Kudos
TJPride
Posts: 1,609
Topics: 15
Kudos: 201
Solutions: 121
Registered: ‎06-23-2011

Re: Using a card swipe with *SIM*

‎01-22-2012 07:12 PM

What I'm getting at is that the credit card data can not magically beam itself straight from your swiper to Authorize.net. It's going to have to pass through your computer somehow, and given that fact, you are not going to gain anything by using an API other than AIM. The terminal computer, regardless of API, will still have the credit card info in RAM temporarily, and potentially in virtual memory, which means the cache on your hard disk. This will not change regardless of what merchant system you use, the only way to avoid it would be to have the customer pay from their own computer - obviously not an option - or to get a device issued by the merchant processor that connects directly to them and only sends a status code to your computer with pass/fail and amount charged. The latter is probably expensive as well and limits your options.

Message 6 of 8 (100,076 Views)
0 Kudos
Member
brucerowe
Posts: 8
Registered: ‎01-20-2012

Re: Using a card swipe with *SIM*

‎01-23-2012 05:54 PM

In other words, Authorize.net cannot do it. . .
Message 7 of 8 (100,065 Views)
0 Kudos
TJPride
Posts: 1,609
Topics: 15
Kudos: 201
Solutions: 121
Registered: ‎06-23-2011

Re: Using a card swipe with *SIM*

‎01-23-2012 09:30 PM

In other words, nobody can do it without an "official" integrated swiper. It is technically impossible.

Message 8 of 8 (100,061 Views)
0 Kudos