Clever Geek Handbook

Online credit card processing

I am planning to use a service like Authorize.net to process users' credit cards. Which brings up two questions.

  • Do I need SSL on the checkout page even though I allow the third part to handle most of the processing?
  • Do I need to get the user's address? And if so, will an apartment number be required? (If they have an apartment, of course)
+3


source to share


3 answers


  • Yes. The processing will most likely be done through some API that you call. Therefore, receiving information from your users from the browser to your server will require encryption (SSL)

  • It depends on your setup and what Authorize.net requires.



+7


source


You need to use SSL for your part of the transaction - you are not PCI-DSS compliant if you don't.



If you ask for the apartment number because you are going to forward it to A.net to check for AVS anti-fraud, AVS only checks part of the address bar up to the first place, for example: 123 Maple St - only 123 checked. The zip code is the only verified part of the address, so there is no reason to worry about the APT number. Collect it for your full records, of course, but it won't affect the AVS check, which is the only reeason to pass it to A.net in the auth transaction.

+2


source


  • It depends on which API you are using. If you are using any of the hosted APIs (CIM hosted SIM), you will not need an SSL certificate as you will never handle sensitive information on your website.

    If you are using AIM, ARB, CIM, or DPM, you will need an SSL certificate as you will be collecting sensitive information that is covered by the PCI DSS standard.

  • Yes and no. You don't need to collect it as there is no need to process a credit card. However, without it, you won't be able to perform Address Verification (AVS), which is a good tool to reduce fraud. It also means that your transactions will be processed at a faster rate, which is not good.

+2


source






More articles:


All Articles