Jump to content

Archived

This topic is now archived and is closed to further replies.

Zane

What exactly is involved with using Authorize.net?

Recommended Posts

The idea is to avoid purchasing SSL

Share this post


Link to post
Share on other sites

The only way you can get around this without SSL is to send the user off-site to complete payment, e.g. Authorize.net's SIM product, Google Checkout, Paypal, etc.

 

 

Share this post


Link to post
Share on other sites

The idea is to avoid purchasing SSL

1.png

 

Zane, sounds like your client is going to need to weigh the costs / benefits of using either a 3rd party checkout system and paying their fees or purchasing an SSL.  Which will cost more? 

 

Share this post


Link to post
Share on other sites

The client is teeter-tottering on the credit card transaction fee percentage.  Paypal and Google Checkout have a 2.9% + $0.30 fee, while their Merchant is (somehow?) hooking them up with a 1.58% fee.  I went ahead and set up a sandbox account and used the SIM integration method just to check it out.  There are still a few variables I need to figure out, but it seems I may be able to get away with no getting an SSL.  The form action posts to a https address hosted on Authorize.net, which is exactly what I need.

 

Now I just need to make sure I meet the requirements.

Share this post


Link to post
Share on other sites

Watch out, having the form on a non-secure page opens yourself up to MitM.

 

If an attacker were to manage to compromise the stream between your webpage and the server's, it's possible to modify the HTML before passing it through, changing your form's action.

 

Though, this form of attack isn't exactly easy unless your client's on weak WiFi when he/she does it.

Share this post


Link to post
Share on other sites

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.