topic Does non-hosted SIM encrypt card data? in Integration and Testing https://community.developer.cybersource.com/t5/Integration-and-Testing/Does-non-hosted-SIM-encrypt-card-data/m-p/48771#M24504 <P>I am using non-hosted&nbsp;CIM .NET API to add credit cards.&nbsp;This is the one part of my&nbsp;app that sends&nbsp;cardholder data out. So my question is, does it send this data out encrypted?&nbsp;My site does have an&nbsp;SSL certificate, but&nbsp;I&nbsp;am concerned&nbsp;about PCI compliance.&nbsp;From what I understand SAC level C is what applies to my circumstance since&nbsp;my app doesn't store&nbsp;cardholder data directly, but it does transmit it only when sending it to CIM using the API they provided.</P><P>&nbsp;</P><P>So again, my question is is it encrypted and am I&nbsp;correct in that this requires SAC C compliance? Any help would be grealy appreciated.</P> Fri, 14 Nov 2014 17:16:57 GMT JeffSGA007 2014-11-14T17:16:57Z Does non-hosted SIM encrypt card data? https://community.developer.cybersource.com/t5/Integration-and-Testing/Does-non-hosted-SIM-encrypt-card-data/m-p/48771#M24504 <P>I am using non-hosted&nbsp;CIM .NET API to add credit cards.&nbsp;This is the one part of my&nbsp;app that sends&nbsp;cardholder data out. So my question is, does it send this data out encrypted?&nbsp;My site does have an&nbsp;SSL certificate, but&nbsp;I&nbsp;am concerned&nbsp;about PCI compliance.&nbsp;From what I understand SAC level C is what applies to my circumstance since&nbsp;my app doesn't store&nbsp;cardholder data directly, but it does transmit it only when sending it to CIM using the API they provided.</P><P>&nbsp;</P><P>So again, my question is is it encrypted and am I&nbsp;correct in that this requires SAC C compliance? Any help would be grealy appreciated.</P> Fri, 14 Nov 2014 17:16:57 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/Does-non-hosted-SIM-encrypt-card-data/m-p/48771#M24504 JeffSGA007 2014-11-14T17:16:57Z Re: Does non-hosted SIM encrypt card data? https://community.developer.cybersource.com/t5/Integration-and-Testing/Does-non-hosted-SIM-encrypt-card-data/m-p/48779#M24508 <P>Connecting&nbsp;to a secure server--including <A href="https://secure.authorize.net/" target="_blank">https://secure.authorize.net/</A> as SIM does--includes automatically&nbsp;negotiating TLS.</P> <P>&nbsp;</P> <P>This will ensure the data will be encrypted as it leaves your server for ours.</P> <P>&nbsp;</P> <P>However, it does nothing for the data handling prior to that. So you would want to make sure your application handles the data securely at every point. Even if the data isn't storing it in a database permanently, it's presumed it would be temporarily stored in a variable before posting to us. That could be exploited by a malicious third party.</P> Fri, 14 Nov 2014 19:09:51 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/Does-non-hosted-SIM-encrypt-card-data/m-p/48779#M24508 Lilith 2014-11-14T19:09:51Z