I am using the non-hosted CIM .NET API to add credit cards. This is the one part of my app that sends cardholder data out. So my question is, does it send this data out encrypted? My site does have an SSL certificate, but I am concerned about PCI compliance. From what I understand, SAC level C is what applies to my circumstance, since my app doesn't store cardholder data directly, but it does transmit it only when sending it to CIM using the API they provided.
So again, my question is: is it encrypted, and am I correct in that this requires SAC C compliance? Any help would be greatly appreciated.
11-14-2014 09:16 AM
Connecting to a secure server--including https://secure.authorize.net/ as SIM does--includes automatically negotiating TLS.
This will ensure the data will be encrypted as it leaves your server for ours.
However, it does nothing for the data handling prior to that. So you would want to make sure your application handles the data securely at every point. Even if the data isn't being stored in a database permanently, it's presumed it would be temporarily stored in a variable before posting to us. That could be exploited by a malicious third party.
11-14-2014 11:09 AM - edited 11-14-2014 11:09 AM