Re: Question about authorize.net and PCI

[Tim Ruppert]

I'm not sure about your specific needs here being provided OOTB, but we recently added the ability to clean out the actual credit card information. I think that Scott did this at the product store level and we're using Authorize.net in this capacity. Sorry, I can't remember the flag off the top of my head - but I know that it was around June of this year.

Cheers,
Ruppert
--
Tim Ruppert
HotWax Media
http://www.hotwaxmedia.com

o:801.649.6594
f:801.649.6595

On Oct 22, 2009, at 9:47 AM, Scott. wrote:

Hello all,


but my preference would be to not store credit card info at all.

They are the Simple Checkout, Server Integration Method (SIM) and the

simple and the SIM method store the credit card data on the Authorize.Net

authorizations, etc.


credit card information.

Thanks in advance for any thoughts.

--
View this message in context: 
http://n4.nabble.com/Question-about-authorize-net-and-PCI-tp276274p276274.html
Sent from the OFBiz - User mailing list archive at Nabble.com.

We are very close to finalizing our method of credit card processing within ofbiz and of course, PCI compliance is taking a front seat. We will be using authorize.net as our gateway and they several different methods with regards to integration. The easy thing would be to use the current supported method Advanced Integration Method (AIM). I believe that ofbiz natively supports AIM. The main difference between the three is that from a PCI standpoint the PCI-compliant servers thus eliminate the PCI compliance for our company. If I am correct, the SIM method keeps your checkout pages looking the way they were designed and being able to use the native ofbiz to actually charge Has anyone implemented this with ofbiz successfully? How much trouble will be to modify the ofbiz payment services not to store/read any sensitive

smime.p7s
Description: S/MIME cryptographic signature