Which processor to use?

Discussion in 'Payments processing' started by dealershift, May 24, 2012.

  1. dealershift

    dealershift New Member

    Mar 10, 2012

    I recently purchased amember and am in the process of setting it up. All of the payment plugins say they are in beta or aren't PA-DSS certified (Authorize.net)

    What processor do you recommend? Authorize.net is my preferred processor since I already have a relationship with one of their resellers. Does the PA-DSS warning mean I cannot use them?

    I do not want to store any sensitive customer data on my servers. I appreciate the help and LOVE aMember!
  2. skippybosco

    skippybosco CGI-Central Partner Staff Member

    Aug 22, 2006
    You are not storing the credit card on your servers and communicating to Authorize.NET securely so I believe it is not an issue (I use Authorize.NET as my primary)..

    Here are the compliance rules or PA-DSS (checked are the ones I believe aMember 4 has today)

    1. Do not retain full magnetic stripe, card validation, code or value, or PIN block data. [​IMG]
    2. Protect stored cardholder data. [​IMG]
    3. Provide secure authentication features. [​IMG]
    4. Log payment application activity. [​IMG]
    5. Develop secure payment applications.[​IMG]

    6. Protect wireless transmissions. NOT APPLICABLE
    7. Test payment applications to address vulnerabilities. [​IMG]
    8. Facilitate secure network implementation. [​IMG]

    9. Cardholder data must never be stored on a server connected to the internet. NOT SURE ABOUT THIS ONE? Is Card Holder name or email or address "Cardholder data" if so then aMember will NEVER be compliant.
    10. Facilitate secure remote software updates.[​IMG]
    11. Facilitate secure remote access to payment application. [​IMG]
    12. Encrypt sensitive traffic over public networks. [​IMG]
    13. Encrypt all non-console administrative access. [​IMG]

    14. Maintain instructional documentation and training programs for customers, resellers, and integrators. [​IMG]

    So the only thing that jumps out for me is the "not storing cardholder data on the server connected to the internet". aMember does not store the credit card # (only last 4 digits).. If it is a requirement to not store ANY cardholder data on a server connected to the internet I'm not sure that any online commerce site can be compliant.
  3. dealershift

    dealershift New Member

    Mar 10, 2012
    Thanks for this info!

Share This Page