3

I plan on using a service such as Authorize.net to process user's credit cards. Which brings two questions.

  1. Will I need SSL on the payment page even though I will be letting the third part handle most of the processing?
  2. Will I need to get the user's address? And if so, will an apartment number be required? (If they have an apartment, of course)
4

3 回答 3

7
  1. Yes. The processing will most likely be done through some API that you will call. So getting the information from your users from the browser to your server will require encryption (SSL)

  2. That depends on your set up and what Authorize.net will require.

于 2013-01-24T04:39:04.090 回答
2

You DO need to use SSL for your portion of the transaction - you are not PCI-DSS compliant if you do not.

If you are asking about apartment number because you intend to pass it to A.net for AVS anti-fraud checking, AVS only checks the part of the address line before the first space eg: 123 Maple St - only the 123 is checked. The zip is the only other part of the address checked, so there is no reason to worry about apt number. Collect it for your own complete records of course, but it will not affect and AVS check which is the only reeason to give it to A.net in the auth transaction.

于 2013-01-24T09:50:59.697 回答
2
  1. It depends on which API you use. If you use any of the hosted APIs (SIM, hosted CIM) you will not need an SSL certificate as you will never be handling any sensitive information on your website.

    If you use AIM, ARB, CIM, or DPM you will need an SSL certificate as you will be collecting sensitive information which is covered by the PCI DSS standard.

  2. Yes and no. You are not required to collect it as it is not needed to process a credit card. However, without it you cannot perform Address Verification (AVS) which is a good tool for helping to reduce fraud. It also means your transactions will be processed at a higher rate which is not a good thing.

于 2013-01-24T14:00:35.480 回答