cancel
Showing results for 
Search instead for 
Did you mean: 

Is createAIMTransaction Secure

Does AIM's createAIMTransaction communicate securly to Authorize.Net and if so do I need to configure anything on my end to enable the secure transaction?  My web sever is secured with a cert but it acts as a gateway to Authorize.Net and I want to check the communications between my server and Authorize.Net's servers (not the client browser to my web site) are secured.

 

 

zappullae59
Contributor
1 ACCEPTED SOLUTION

Accepted Solutions

Hi @zappullae59,

 

When your server sends a transaction to the Authorize.Net server, your server is acting as the client, and is connecting to a https: URL at Authorize.Net. So, your server is doing the same thing that a browser would in that situation. It negotiates a secure encrypted connection to the Authorize.Net server using TLS, and then sends and receives information securely over that connection.

 

There's nothing else you need to do to enable that on your end. Basically, if your system can successfully connect and send a transaction, then it's working securely.

 

Future concerns:

At some point in the future, all payment processors will be required to tighten their security and only use the latest most secure version of TLS, TLS v1.2. The date that everyone's required to meet has been changed recently, so we don't have an exact date of when we will require that on our end. See https://community.developer.authorize.net/t5/News-and-Announcements/Update-Regarding-TLS-Remediation...

 

When we do reconfigure things on our end to require TLS 1.2, that might require some changes on your end. Usually, it's as simple as just making sure you have an up to date version of Java or .NET or whatever other application environment you're using on your end. More details about dates on our end will be communicated as we get closer to the PCI Security Standards Council's deadline.

View solution in original post

Aaron
All Star
2 REPLIES 2

Hi @zappullae59,

 

When your server sends a transaction to the Authorize.Net server, your server is acting as the client, and is connecting to a https: URL at Authorize.Net. So, your server is doing the same thing that a browser would in that situation. It negotiates a secure encrypted connection to the Authorize.Net server using TLS, and then sends and receives information securely over that connection.

 

There's nothing else you need to do to enable that on your end. Basically, if your system can successfully connect and send a transaction, then it's working securely.

 

Future concerns:

At some point in the future, all payment processors will be required to tighten their security and only use the latest most secure version of TLS, TLS v1.2. The date that everyone's required to meet has been changed recently, so we don't have an exact date of when we will require that on our end. See https://community.developer.authorize.net/t5/News-and-Announcements/Update-Regarding-TLS-Remediation...

 

When we do reconfigure things on our end to require TLS 1.2, that might require some changes on your end. Usually, it's as simple as just making sure you have an up to date version of Java or .NET or whatever other application environment you're using on your end. More details about dates on our end will be communicated as we get closer to the PCI Security Standards Council's deadline.

Aaron
All Star

Thank you Aaron.