Authorize.net CIM Gateway?

For general questions and discussions specific to the AbleCommerce GOLD ASP.Net shopping cart software.
Post Reply
sweeperq
Commodore (COMO)
Commodore (COMO)
Posts: 497
Joined: Tue Jan 03, 2006 2:45 pm

Authorize.net CIM Gateway?

Post by sweeperq » Wed May 07, 2014 12:09 pm

I just downloaded the Gold R7 demo because one of the features was Authorize.net CIM payments. This feature is important to us in order to reduce PCI compliance scope. If the payment data never touches our server and we can get an attestation of compliance from Authorize.net, it greatly reduces the burden of PCI self-assessments.

However, when I look at the source for the Payment form, it appears that the form is a] hosted on our server (as opposed to an iframe), and b] does a javascript postback to our server. I thought the whole point of CIM was that the data never touches your server. How is it any different than AIM with the way it is currently implemented?

User avatar
ForumsAdmin
AbleCommerce Moderator
AbleCommerce Moderator
Posts: 399
Joined: Wed Mar 13, 2013 7:19 am

Re: Authorize.net CIM Gateway?

Post by ForumsAdmin » Fri May 09, 2014 12:56 am

The point of CIM is not that the data never touches your server. Instead CIM allows you to 'STORE' credit-card data on Authorize.NET servers. That data that if you store locally otherwise, will raise your PCI compliance requirements. CIM is most useful when you have to make subsequent charges on credit cards - like in subscriptions and etc. When you have credit card data stored at Authnet servers, you do not have to ask the credit card details from the customer again if you want to charge a subsequent payment.

sweeperq
Commodore (COMO)
Commodore (COMO)
Posts: 497
Joined: Tue Jan 03, 2006 2:45 pm

Re: Authorize.net CIM Gateway?

Post by sweeperq » Fri May 09, 2014 6:25 am

So if you use the CIM gateway, there is a token stored somewhere in AbleCommerce to reference that for further transactions?

User avatar
ForumsAdmin
AbleCommerce Moderator
AbleCommerce Moderator
Posts: 399
Joined: Wed Mar 13, 2013 7:19 am

Re: Authorize.net CIM Gateway?

Post by ForumsAdmin » Mon May 12, 2014 3:49 am

Yes - that token is called Payment Profile Id

Post Reply