
PCI Compliance with SIM - What do WE have to do?

We are using the SIM implementation to reduce as much liability as we can on our end. Recently we were questioned about our PCI compliance. I know that on AuthorizeNet's end their PCI compliance is being handled by Trustwave. But is there a list of steps or precautions that we need to take on OUR end to have PCI compliance as well?


I would prefer something official from AuthorizeNet themselves. Especially with matters as important as this.





Regular Contributor


Hi lightwave365,


As a merchant, you are required to be compliant with PCI DSS. PCI compliance is validated by the Merchant Service Provider who underwrites your account. Authorize.Net is not directly involved with establishing, evaluating or validating merchant PCI compliance requirements. It is best practice to contact your Merchant Service Provider for information on how they validate this and what steps you should take.




Administrator

I'm sorry, maybe I wasn't clear with our situation. I think what you are saying is we should contact the person who provides the software that we're using. That we are one of the customers of a product that uses AuthorizeNet.


We are the Merchant Service Provider. We developed a product and implemented the use of by the request of our customers. But now our customers are worried about PCI compliance with our product and Authorize.Net so we are trying to make sure that we do meet all requirements.


So we can't count on the Merchant Service Provider to be compliant because we ARE the Merchant Service Provider and we don't know if we are 100% compliant. Where do we go from here?

Regular Contributor