|
cryamerica
|
August 25, 2020 at 11:13 am
Hello
We have been using Authorize.net AIM to accept onsite payments through credit/Debit cards
We are now planning to accept offsite payments. We found Authorize.net Accept Addon which offers to embed payment details such as CC number, CVV and expiry date withn an iFrame.
Would like to understand if there are any security issues if we use Authorize.net AIM and also let us know if there are any other options for accepting offsite payments.
Please do help us in understand which is the better eay to accept ayments through Credit/debit cards
Look forward to hearing from you
|
|
Tony
|
August 25, 2020 at 12:55 pm
Hi there,
May I ask what you mean by off-site payments?
The reasons I ask is I think there may be some confusion about what on-site and off-site payment methods are here, so first a quick explanation.
OFF-site payment methods basically send the user ‘off-site’ to make the payment. The classic example of these is PayPal, where you select your items on the site and click a button to pay with PayPal. You (the user) are sent to PayPal servers to make the payment on their servers, PayPal control the checkout process themselves and they then communicate back to your site that a payment has been made and also redirect the user back to your site again.
ON-site payment methods allow you to keep the user on your site to accept payments. Generally, this means that the payment details are captured on your server and then sent over to your payment provider whoc process them and return a ‘success’ or ‘failed’ response for authorizations and capture of funds.
ON-site payment methods give you (the admin) the greatest amount of control and flexibility in that you can customize the look and feel of the payment form if you are comfortable with PHP. However, they also bring the highest liability as your own server has access to the card details during checkout so if your server is compromised then it’s possible for someone to capture those details.
ON-site payment methods require the highest level of PCI compliance and Auth.net AIM request SAQ-D
OFF-site payment methods require the lowest PCI requirement, usually SAQ-A.
In short, for the lowest liability and least amount of effort on your part for remaining compliant, you should be using an OFF-site payment method.
Auth.net Accept can be considered a ‘hybrid’ in that using an iFrame it loads the payment options ON your site, but its actually an OFF-site payment method. Meaning the user ‘stays’ on your site but is actually inputting their card details on Auth.net’s servers.
|
|
cryamerica
|
August 26, 2020 at 1:29 am
Hello Tony,
Thanks for your response.
Yes, we are looking for Authorize.net plugins that send the user off-site to make the payment.
Auth.net Accept is one of the options we found for accepting off-site payments. Could you please confirm if we can implement cosmetic UI changes in this plugin to match it similar to our website design?
Or could you please suggest any other Authorize.net plugin/add on that we can use to implement off-site payments
Thanks in advance
|
|
Tony
|
August 26, 2020 at 2:37 am
Could you please confirm if we can implement cosmetic UI changes in this plugin to match it similar to our website design?
No, you can’t change very much with most off-site payment methods.
You have the EE4 Everything license which means you have access to all our of add-ons, so I recommend installing the Auth.net Accept add-on and checking how it looks on your site.
Or could you please suggest any other Authorize.net plugin/add on that we can use to implement off-site payments
With Event Espresso you have the Auth.net SIM payment method (deprecated by Auth.net in favour of Accept) or the Auth.net Accept payment method for offsite payments.
|
