Support Authorize.Net CIM Hosted Order Page

**[email protected]** · 12-15-11, 09:04 PM

Authorize.Net just announced their "CIM Hosted Order Page":

We are pleased to announce that we now have a new, hosted option for our Customer Information Manager (CIM) API. The hosted CIM option provides a way for you to establish a hosted connection with Authorize.Net that allows the exchange of sensitive cardholder data to take place on our secure servers instead of on your servers. With the new hosted option, CIM simplifies yet another step in the PCI DSS compliance process. The hosted CIM option is available now. For more information, including integration guides, visit our CIM page at http://www.authorize.net/cim.

Will you support this? Doing so would completely eliminate PCI issues for a WHMCS server, since the WHMCS server would no longer "process, transmit or store" the credit card number.

Not being PCI compliant is costing me about $40/month and we cannot comply since WHMCS is not PA-DSS Validated. I would love to get this albatross off my neck.

-- Art Z.

**amxfsx** · 04-08-12, 02:08 PM

I agree 100% with Art. This is the most serious issue surrounding WHMCS in my opinion.

I can't imagine an improvement that would be more important than this for the security of WHMCS customers who use Authorize.net.

-- amxfsx

**chris207** · 04-23-12, 08:42 PM

I also completely agree. I registered just to say that I have been wanting to switch us over to WHMCS but cannot stomach the additional PCI requirements. Using Authorize.net hosted CIM would be everything Authorize.net users need to have the most secure setup possible.

(Subscribing to any updates to this)

**tracedef** · 04-29-12, 11:26 PM

WHMCS has a CIM module, is there something I'm missing here that you're looking for that isn't included in the Authorize.net CIM module?

**chris207** · 04-29-12, 11:36 PM

Originally Posted by tracedef

WHMCS has a CIM module, is there something I'm missing here that you're looking for that isn't included in the Authorize.net CIM module?

The CIM still requires the information to pass through our server. So it solves the issue of storing the numbers on the server, but there are still significant PCI requirements for that information to be read by the server.

Authorize.net launched a hosted CIM feature where you can call forms hosted on authorize.net's servers to process the information into the CIM instead of your own server.

**tracedef** · 04-29-12, 11:38 PM

I see ... thank you for clarifying. Just out of curiosity, who is requiring PCI requirements .... they seem to be common, but we've never dealt with them.... we just signed up for authorize.net and we're good to go ...

**chris207** · 04-29-12, 11:47 PM

Originally Posted by tracedef

I see ... thank you for clarifying. Just out of curiosity, who is requiring PCI requirements .... they seem to be common, but we've never dealt with them.... we just signed up for authorize.net and we're good to go ...

https://www.pcisecuritystandards.org/

Basically standards to keep you out of hot water.

**premierepc** · 05-05-12, 02:53 PM

+1 on this. We have had to fight our merchant provider multiple times to prove the security of the system. Having Auth.net store the cc data and integrate with WHMCS will simply mean we can tell them to shove off. They can be rather nasty and the fines pretty steep if found to be in violation.

**[email protected]** · 05-22-12, 09:12 PM

Given yesterday's breach, I hope that Matt and the other folks at WHMCS now understand how serious this issue is.

-- Art Z.

**unused** · 06-08-12, 03:37 AM

Originally Posted by [email protected]

Given yesterday's breach, I hope that Matt and the other folks at WHMCS now understand how serious this issue is.

-- Art Z.

So I'm confused - does the WHMCS Authorize.net CIM module support the Hosted authorize.net product?

The migration script is a year old and for v 4.5.

We've got thousands of cards stored. We've been looking at solutions like chargify to possibly move away from WHMCS due to security concerns. Overall we like WHMCS though, but with recent breaches of many services (google apps, linkedin, etc. -- not just whmcs) our thinking is to get credit card data out of systems are directly responsible for.

Being able to move all customer card data over to the authorize.net hosted platform using the CIM module would be the perfect solution, assuming that customers can still place orders as expected, update card details, and be charged by WHMCS -- and there's a seamless migration process.

Has anyone done this, and if so what issues were faced if any, and is it working as expected?

**sixullc** · 11-29-12, 08:28 PM

I agree. The fact that WHMCS supports the Authorize.net CIM is why I switched to them from Client Exec. PCI DSS compliance is fat becoming a manditory issue for even the smallest of businesses. I setup my A/net CIM today and it's working great. Just remember, contrary to what you might think, you should not tick the setting to "Disable Credit Card Storage" in Setup > General Settings > Security as that will disable entry by a client.

It must be enabled to show the credit card payment form and allow clients to update their card details, but the fact you are using the Authorize.net CIM module will prevent the details being stored locally in WHMCS and instead store them only on the remote system.

Before I found this post, every attempt was listed as declined and it wasn't getting to A/net. After disabling the checkbox, it worked perfectly for me.

Community Forums

Thread: Support Authorize.Net CIM Hosted Order Page

Thread Tools

Support Authorize.Net CIM Hosted Order Page

Re: Support Authorize.Net CIM Hosted Order Page

Similar Threads

Authorize.net CIM