|
khaedtke
|
July 26, 2016 at 12:24 pm
We are using your plugin on a website sponsored by the University of Minnesota and need to provide documentation on PCI Compliance before we can launch the site.
We will be using the Authorize.net AIM for processing credit cards and we’ve been asked for documentation specifically on how credit card numbers are handled by the EE plugin. Are credit card numbers stored in a temporary variable, and purged once a transaction is complete, or are they stored in a different manner? How long is this data kept / how is the security of these numbers ensured (we will be addressing the security of our website / host separately).
Do you have any documentation you can direct me to? Thank you.
|
|
khaedtke
|
July 26, 2016 at 12:42 pm
I see you are listed on the Authorize.net list of certified solutions: http://www.authorize.net/solutions/merchantsolutions/merchantservices/certifiedsolutiondirectory/?type=Online so I’m assuming we’ll be fine if we can find the correct documentation. If you can’t direct me to a specific document, it there a person I can put our compliance officer in touch with?
|
|
Lorenzo Orlando Caum
|
July 26, 2016 at 4:18 pm
Hello,
We do not store the full card details through any of our payment gateways.
For Authorize.net AIM, the last four of the card number is stored and that is to help the event organizer / merchant for referencing a transaction for a registration.
—
Lorenzo
|
|
khaedtke
|
July 28, 2016 at 8:16 am
Thanks. Do you have any kind of documentation reflecting this that we can file with the University. If you can’t direct me to a specific document, it there a person I can put our compliance officer in touch with?
|
|
Josh
|
July 28, 2016 at 3:01 pm
https://eventespresso.com/wiki/authorize-net-aim-payment-gateway/#pci-compliance
|
