
Anybody worked with Authorize.net's API?


dadamssg87


I'm looking to build my own ecommerce site and I just looked at their sample code to test transactions. See below.

 

<?php
require_once 'anet_php_sdk/AuthorizeNet.php'; // Make sure this path is correct.
$transaction = new AuthorizeNetAIM('YOUR_API_LOGIN_ID', 'YOUR_TRANSACTION_KEY');
$transaction->amount = '9.99';
$transaction->card_num = '4007000000027';
$transaction->exp_date = '10/16';

$response = $transaction->authorizeAndCapture();

if ($response->approved) {
  echo "<h1>Success! The test credit card has been charged!</h1>";
  echo "Transaction ID: " . $response->transaction_id;
} else {
  echo $response->error_message;
}
?>

 

I was under the impression handling credit cards was MUCH harder to deal with. Couldn't you just store the $_POST['creditcardnumber'] in a database (not very secure AT ALL)? I would have thought they would have to make you mess with the form submission so their card number is encrypted through the $_POST and Authorize.net is the only one that has the decryption key. Also, doesn't like EVERY credit card processing form require the name on the card? Am I missing something??


As a merchant, security is YOUR responsibility.  Authorize.net has to, of course, go through its own drama to pass regular security audits but this is separate from what should concern you.

 

In the Authorize.net AIM sample code you have there, the cardholder would be submitting their credit card details for processing via YOUR website and so the responsibility lies with you to handle that properly.  You would need to, among other things, provide an encrypted connection for when credit card data gets submitted (use an SSL certificate) and avoid storing sensitive credit card details at all costs.

 

You should look into PCI DSS compliance (https://www.pcisecuritystandards.org/) since it will likely govern whether you will even be granted a merchant account to accept credit card payments online in the first place.  Getting compliant can be quite intense and costly which is why gateways like Authorize.net provide alternative solutions (e.g. SIM - Simple Integration Method) which involve redirecting the cardholder to the Authorize.net website so that the cardholder enters their credit card info on the secure Authorize.net site and not yours.  That simplifies the PCI DSS process a whole lot.

 

So yeah, processing credit cards isn't the hard part.  Jumping through hoops so that you're allowed to is...
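
An added example, not part of the original posts and not Authorize.net's code: a sketch of the two merchant-side duties named in the reply above, refusing card data that did not arrive over HTTPS and keeping only a transaction id and the last four digits. The function names, the record layout and the `$charge` callable (a stand-in for the AIM `authorizeAndCapture()` call) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// True only when the request arrived over TLS. Assumes PHP terminates TLS itself (no proxy).
function is_tls_request(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower((string) $server['HTTPS']) !== 'off';
}

// Luhn checksum: rejects mistyped numbers before they reach the gateway.
function luhn_valid(string $digits): bool
{
    if (!preg_match('/^\d{12,19}$/', $digits)) {
        return false;
    }
    $sum = 0;
    foreach (str_split(strrev($digits)) as $i => $ch) {
        $d = (int) $ch;
        if ($i % 2 === 1) {
            $d = $d * 2 > 9 ? $d * 2 - 9 : $d * 2;
        }
        $sum += $d;
    }
    return $sum % 10 === 0;
}

// $amount comes from the server-side order, never from the form.
// $charge wraps the gateway call and returns a transaction id, or null on decline.
function handle_payment(array $server, array $post, string $amount, callable $charge): array
{
    if (!is_tls_request($server)) {
        return ['ok' => false, 'error' => 'HTTPS required'];
    }
    $pan = (string) preg_replace('/[\s-]+/', '', (string) ($post['card_num'] ?? ''));
    if (!luhn_valid($pan)) {
        return ['ok' => false, 'error' => 'Invalid card number'];
    }
    $txId = $charge($pan, (string) ($post['exp_date'] ?? ''), $amount);
    if ($txId === null) {
        return ['ok' => false, 'error' => 'Declined'];
    }
    // The only data kept: transaction id, amount, last four digits. No full number, no expiry.
    return ['ok' => true, 'record' => ['transaction_id' => $txId, 'amount' => $amount, 'card_last4' => substr($pan, -4)]];
}

// Constructed input and a stub gateway so the example runs offline.
$post = ['card_num' => '4007 0000 0002 7', 'exp_date' => '10/16'];
$result = handle_payment(['HTTPS' => 'on'], $post, '9.99', fn ($pan, $exp, $amt) => 'TEST-TX-1');
print_r($result);
```

The returned record is what would go to the database; the full number exists only in memory for the duration of the gateway call.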
