Hello all, We are very close to finalizing our method of credit card processing within ofbiz and of course, PCI compliance is taking a front seat. We will be using authorize.net as our gateway and they several different methods with regards to integration. The easy thing would be to use the current supported method but my preference would be to not store credit card info at all.
They are the Simple Checkout, Server Integration Method (SIM) and the Advanced Integration Method (AIM). I believe that ofbiz natively supports AIM. The main difference between the three is that from a PCI standpoint the simple and the SIM method store the credit card data on the Authorize.Net PCI-compliant servers thus eliminate the PCI compliance for our company. If I am correct, the SIM method keeps your checkout pages looking the way they were designed and being able to use the native ofbiz to actually charge authorizations, etc. Has anyone implemented this with ofbiz successfully? How much trouble will be to modify the ofbiz payment services not to store/read any sensitive credit card information. Thanks in advance for any thoughts. -- View this message in context: http://n4.nabble.com/Question-about-authorize-net-and-PCI-tp276274p276274.html Sent from the OFBiz - User mailing list archive at Nabble.com.
