We are looking to move to CIM API. Once we go with Tokens instead of sending CC info, is there a way we can have our Authorize.net account not accept CC transactions?
We have a rogue IT person in our group that has obtained the Login and API keys we use now and he is processing customer transactions to make the company look bad with Customers. We have changed the API Key, but I am sure he will get it again. He is trying to make the company look bad.
Once we go to Tokens, we will not store any CC info on our servers, but don't want him trying to process transactions with CC info he already has.
Unfortunately, it's not currently possible to move completely away from accepting payment cards.
I would also recommend taking immediate steps to secure your server and access to credentials.
Thanks for the quick reply, Richard. We are trying to figure out how he obtained the API Transaction Key and password and we are not exactly sure which one of our IT guys did it. We know it came from within because only an IT User would have access to some of the information to process cards. We have already changed the keys and are going to start using Tokens instead of the Credit Cards, which I recommended to the CTO years ago, but why listen to me then :)
Unfortunately hacking is a little above my pay scale :) We have had this site up for 7 or 8 years and I have never seen anything like this before. Trying to figure out if we are passing information to auth.net that is not using HTTPS protocols now.
Do you happen to know of any links that would help my analysis on how he might have done it? I have looked at Wireshark and Fiddler, but not sure those will work using HTTPS.
Thanks again for your help.