developer.authorize.net developer.cybersource.com
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a question

CIM security concern

I am adding CIM to my account and will use it for recurring billing.

 

With CIM in place, I have heightened concerns about the vulnerability of the Authorize.net merchant login portal. If somebody breaks in with a bad intent they could do a lot of more damage now (like creating transactions) than what was possible before. We use best security practices to protect passwords but this is not sufficient in my opinion.

 

Is there any way to require more secure access to the Authorize.net portal (like two factor authentication or IP restricted ?)

 

 

Christophe
Contributor

‎03-23-2013 01:15 AM

0 Kudos
9 REPLIES 9

Hi Christophe,

 

Authorize.Net does not currently offer 2-factor authentication or IP address access restrictions. We enforce a strict password policy and encourage you to follow the best practices outlined in that policy found here: http://www.authorize.net/resources/files/PasswordPolicy.pdf.

 

Thanks,

Joy

Joy
Administrator Administrator
Administrator

‎03-27-2013 02:13 PM

0 Kudos

Is there any update on this? 

 

We use CIM as well. With such valuable information on hand there seems like quite a bit of potential for damage. 

 

We've ensured that all other elements of our billing system require 2-factor authentication. Would be very nice to see this on top of the password policies that you enforce. 

Potter
Member
In response to Joy

‎01-24-2015 07:53 AM

 Hello @Potter 

 

You are welcome to post this as a new feature using our Ideas forum. This will allow others to vote on and make suggestions to improve the request.

Richard

RichardH
Administrator Administrator
Administrator
In response to Potter

‎01-24-2015 08:39 AM

0 Kudos

You can vote for this on the Ideas board.

Christophe
Contributor

‎04-30-2015 07:50 AM

0 Kudos

Thanks @Christophe for creating the new product idea.

 

Richard

RichardH
Administrator Administrator
Administrator
In response to Christophe

‎04-30-2015 08:14 AM

0 Kudos

This is a gentle reminder to investigate two-factor authentication. This is a critical security issue for companies using CIM. Is this feature on the way ?

Thank you

 

 

Christophe
Contributor
In response to RichardH

‎09-21-2016 09:32 AM

0 Kudos

I opened this request for two-factor authentication almost 5 years ago! and also entered in the "Ideas" section:

https://community.developer.authorize.net/t5/Ideas/Authorize-net-portal-2-factor-authentication/idi-...

 

It was marked as 'accepted' but nothing happened.

 

It is 2018, how can a portal to control payments and credit cards rely solely on username/password ? This is reckless.

 

Christophe
Contributor
In response to Christophe

‎12-22-2017 06:11 AM

0 Kudos

Hi @Christophe

 

Thanks for your feedback .

We have Merchant Interface refresh planned in FY 18 and this will  be addressed in it . 

 

 





Send feedback at developer_feedback@authorize.net
Anurag
Moderator Moderator
Moderator
In response to Christophe

‎12-22-2017 09:42 AM

0 Kudos

So the enhancement was planned for 2018 according to the latest post, and we are in 2020. I opened the request 7 years ago.

 

In the meantime, many websites have two-factor. Even my daughter's school website has two-factor available. It's so easy to implement with many kits available, for example from Twilio.

 

I am a fan of Authorize.net, but we may walk out because compliance absolutely requires two-factor. Please get your act together!

 

 

Christophe
Contributor
In response to Anurag

‎02-27-2020 06:39 PM

0 Kudos
Copyright © 2024 Khoros, LLC