Authorize.net CIM requiring https within aMember?

Discussion in 'Payments processing' started by thestockbandit2, Apr 11, 2014.

  1. thestockbandit2

    thestockbandit2 New Member

    Joined:
    Sep 28, 2009
    Messages:
    15
    One of the advantages of Authorize.net's CIM is that no PCI-DSS certification is necessary, as per their website & the aMember documentation.

    However, the plugin within aMember 'Use Hosted Version' option requires https. So a certificate is needed but not necessarily PCI-DSS compliance?

    Thanks for any provided explanation.
  2. caesar

    caesar aMember Pro Developer Staff Member

    Joined:
    Oct 16, 2009
    Messages:
    1,659
    The answer is yes to both. You need SSL certificat and do not require PCI-DSS. Actually it is not same things at all. You do not need PCI-DSS because of in case of hosted version of integration with autorize.net CC info do not processed or stored on your server at all. Customer submit his CC info directly to authorize.net server and authorize.net handle it.

    In order to support such architecture iframe technique is used but modern browser do not allow to communicate site with iframe if your site is not https but site in iframe is https (authoreze.net should be served via https).
  3. thestockbandit2

    thestockbandit2 New Member

    Joined:
    Sep 28, 2009
    Messages:
    15
    Thank you Caesar for the explanation

Share This Page