|
Eric Witzer
|
June 10, 2014 at 3:05 pm
Our merchant services provider has stated the following:
“Authorize.net AIM integration isn’t an option unless the shopping cart is on the PCI Security list as being compliant. If it is not on the list you would need to use to use the SIM integration. Are they listed here?
https://www.pcisecuritystandards.org/approved_companies_providers/validated_payment_applications.php?agree=true
http://www.visa.com/splisting/searchGrsp.do”
I have not found you listed on either list.
(1) Are you PCI-DSS certified? If not do you plan to get certification?
(2) EE4 does not have SIM so I would need to stay with EE3 to use the SIM integration. Are you planning on SIM in the near future for EE4?
Thank you,
Eric
|
|
Seth Shoultes
|
June 11, 2014 at 12:17 pm
Hi Eric,
I believe the list you linked to are third party shopping cart service providers. We’re not a third party shopping cart service (that would be more along the lines of shopify or squarespace).
To be PCI compliant, your entire website will need to be PCI compliant. For example, you will need to have an SSL Certificate, you will need to use SFTP instead of FTP, and you will need to go through the very expensive and time consuming process of getting a PCI Certification.
With Event Espresso, your customers will stay on your website while the credit card data is sent to Authorize.net, but none of the credit card data is stored on the website. The minimum requirements for onsite Authorize.net payments are much lower. You just need to have an SSL Certificate installed on your server.
If you want to use Authorize.net AIM or SIM with EE4, and be PCI Compliant, then you can use the Mijireh Checkout, which is a certified PCI compliant service provider.
I hope that all makes sense and answers your question.
|
|
Eric Witzer
|
June 11, 2014 at 12:32 pm
Thank you Seth. I understand what you are saying but the merchant services provider that my client is using is saying that the shopping cart software has to be on the PCI compliant list or they will not allow us to use the Authorize.net AIM. I believe Mijireh would have to replace their merchant services provider but in this case the client is tied to their own merchant services provider as the processing is linked into their accounting software. So I think that I am left with the only option being to use EE3 with SIM. Is that correct? Also do you intend to add SIM integration to EE4 in the future?
|
|
Seth Shoultes
|
June 11, 2014 at 12:53 pm
That’s strange about the PCI compliant requirements. I have never heard of a merchant services provider requires PCI compliance in all of the years I have been working on EE.
Mijireh wouldn’t replace your customer’s merchant services provider, your customer would actually use Mijireh in conjunction with their merchant services provider.
We are rewriting the gateway system in EE4 at the moment and will most likely add an Authorize.net SIM add-on at some point in the future.
|
|
Seth Shoultes
|
June 11, 2014 at 12:57 pm
Also, just wanted to point out that we have used several Authorize.net merchant services providers over the years and have never had this requirement. We currently use Wells Fargo as our Authorize.net merchant services provider. As long as we have a current SSL certificate, and are not storing CC data on our server, Authorize.net allows us to process credit cards.
|
|
Eric Witzer
|
June 11, 2014 at 12:58 pm
Thank you. I thought it was weird too. I can’t use WooCommerce with them either for the same reason… Where can I get more info on the Mijireh? Does that replace Authorize.net or does that fit in between and if so does that add extra cost to transactions? Thank you for all your help!
|
|
Seth Shoultes
|
June 11, 2014 at 1:28 pm
Mijireh doesn’t replace Authorize.net, it basically slurps your website. Upon “Checkout”, they are seamlessly redirected to the Mijireh servers where they provide a secure, fully PCI Compliant service to process credit cards to your payment gateway.
Here is more info:
http://www.mijireh.com/#mijireh-checkout
|
