54 replies to this topic

[netstep]

Authorize.net SIM payment form is alive and well with no indication of going away.
USAEpay also has a similar hosted payment form.

I know "everyone" uses Authorize.net Advanced Integration Method (AIM) but I have several small volume customers who benefit from off-site credit card number collection.

• No SSL cert required so save $$ every year.
  
• No chance of CC# theft liability

Please don't give up on the simple integration method (SIM).
It's working great for my sites!
If some people are interested, I'll be happy to load my updated SIM module with some added features.

Which API is best for you? Choose AIM or SIM

My Setup: osC MS2.2
Authorize.net Merchant control panel
1. Settings > API Login ID and Transaction Key > Get a transaction key.
2. Settings > Relay Response Response = http://YOURSITE.COM/checkout_process.php
3. Settings > Receipt URL = http://YOURSITE.COM/checkout_process.php

Site configs:
SESSION Force Cookie Use = False
SESSION Check SSL Session ID = False
SESSION Check User Agent = False
SESSION Check IP Address = False
SESSION Prevent Spider Sessions = False
SESSION Recreate Session = False

Site Module Configs:
Enable Authorize.net Module: True
Login Username: xxxxxxxx
Transaction Key: xxxxxxxxxxxxxxx
Transaction Mode: Production
Transaction Method: Credit Card
Customer Notifications: False
Payment Zone: --none--
Set Order Status: default
Sort order of display.: 0

I've found several Authorize.net/SIM threads that helped me sort out my SIM issues:

• need some help with authorize.net module, order confirmation kicks users back to login screen
  
• Authorize.net: basic questions (and basic answers?), SIM vs. AIM, SSL?, Upgrade?
  
• Authorize.NET, Takes me back to login??
  
• Authorize.net confusion
  
• Authorize.net payment error help, Errors not posting
  
• Authorize.net, Transactions complete but no confirmation for customer
  
• Authorize.net setup toubles, please help

[Silverado05]

Thats all great but I heard that Authorize.net is going to quite supporting that method and requiring everyone to use the AIM. Or I think they were wanting everyone to use the AIM. Can't remember for sure but I remember reading something about it just a while back.

[whosthedada]

Silverado05, on Aug 1 2007, 02:47 AM, said:

Thats all great but I heard that Authorize.net is going to quite supporting that method and requiring everyone to use the AIM. Or I think they were wanting everyone to use the AIM. Can't remember for sure but I remember reading something about it just a while back.

I've just been reading about that... They are gonna stop supporting WebLink soon, and everyone will have to go to either SIM or AIM.

I think that's correct?

[netstep]

Connection Methods: http://www.authorize.net/support/csfaqs/#142134

Weblink is going away != SIM that appears to be supported.

Quote

Enable WebLink
WARNING: By enabling WebLink you are selecting a connection method that submits transaction information by HTTPS form POST to the gateway.

Authorize.Net makes no representations or warranties regarding the security or availability of the WebLink service. The WebLink connection method is subject to certain security risks that could cause information to be lost or stolen. You are cautioned not to place undue reliance on WebLink as a secure method of transferring any personal or customer data. Because of security risks, Authorize.Net may, at its sole discretion and at any time, terminate your WebLink account and/or discontinue the WebLink service.

Keep in mind that WebLink will soon be discontinued as an accepted connection method. You may need to prepare and plan for migration to either Simple Integration Method (SIM) or Advanced Integration Method (AIM).

[jpjakubik]

netstep, on Aug 1 2007, 02:25 AM, said:

Authorize.net SIM payment form is alive and well with no indication of going away.
USAEpay also has a similar hosted payment form.

I know "everyone" uses Authorize.net Advanced Integration Method (AIM) but I have several small volume customers who benefit from off-site credit card number collection.

• No SSL cert required so save $$ every year.
  
• No chance of CC# theft liability

Please don't give up on the simple integration method (SIM).
It's working great for my sites!
If some people are interested, I'll be happy to load my updated SIM module with some added features.

Which API is best for you? Choose AIM or SIM

My Setup: osC MS2.2
Authorize.net Merchant control panel
1. Settings > API Login ID and Transaction Key > Get a transaction key.
2. Settings > Relay Response Response = http://YOURSITE.COM/checkout_process.php
3. Settings > Receipt URL = http://YOURSITE.COM/checkout_process.php

Site configs:
SESSION Force Cookie Use = False
SESSION Check SSL Session ID = False
SESSION Check User Agent = False
SESSION Check IP Address = False
SESSION Prevent Spider Sessions = False
SESSION Recreate Session = False

Site Module Configs:
Enable Authorize.net Module: True
Login Username: xxxxxxxx
Transaction Key: xxxxxxxxxxxxxxx
Transaction Mode: Production
Transaction Method: Credit Card
Customer Notifications: False
Payment Zone: --none--
Set Order Status: default
Sort order of display.: 0

I've found several Authorize.net/SIM threads that helped me sort out my SIM issues:

• need some help with authorize.net module, order confirmation kicks users back to login screen
  
• Authorize.net: basic questions (and basic answers?), SIM vs. AIM, SSL?, Upgrade?
  
• Authorize.NET, Takes me back to login??
  
• Authorize.net confusion
  
• Authorize.net payment error help, Errors not posting
  
• Authorize.net, Transactions complete but no confirmation for customer
  
• Authorize.net setup toubles, please help

I would be interested in your SIM contribution. I have been trying to get authorize.net SIM to work for a few days now with no luck.

[regretta]

The simpler the integration, the better! I'd be interested in this as well.

[Silverado05]

Try AIM, couldn't be any easier.

[elzevir]

Thanks for your post! I'm now interested in SIM since it looks like the PCI rules will make it very hard to use AIM for small vendors (like us). With SIM all the responsibilities fall on authorize.net. I've used AIM for awhile and it works fine but after going through the PCI questionnaire, I think we'll switch.

So is SIM the default authorize.net module in OSCommerce ? I've never seen anyone answer that definitively though from this post, it seems to imply that.

[Silverado05]

elzevir, on Aug 19 2007, 12:18 PM, said:

Thanks for your post! I'm now interested in SIM since it looks like the PCI rules will make it very hard to use AIM for small vendors (like us). With SIM all the responsibilities fall on authorize.net. I've used AIM for awhile and it works fine but after going through the PCI questionnaire, I think we'll switch.

So is SIM the default authorize.net module in OSCommerce ? I've never seen anyone answer that definitively though from this post, it seems to imply that.

I think you have the two confused. AIM you just upload the module and a couple lines of code in like 2 files. Enter your information in the AIM module in the Admin, and you are set. Your customer never leaves your sit and you can process the transaction instantly on your site. All the responsibilities still fall on authorize.net. With SIM you leave your site to process the transaction and that can cause problems when you leave your site to process transaction.

[netstep]

elzevir, on Aug 19 2007, 05:18 PM, said:

Thanks for your post! I'm now interested in SIM since it looks like the PCI rules will make it very hard to use AIM for small vendors (like us). With SIM all the responsibilities fall on authorize.net. I've used AIM for awhile and it works fine but after going through the PCI questionnaire, I think we'll switch.

So is SIM the default authorize.net module in OSCommerce ? I've never seen anyone answer that definitively though from this post, it seems to imply that.

I opened my vanilla osC to check for you and the default is AIM.
Anything that collects CC# on your site is AIM which is convenient and more risky.
I'm swamped right now, but I'll post my updated SIM module soon.

[netstep]

Silverado05, on Aug 16 2007, 10:48 AM, said:

Try AIM, couldn't be any easier.

Yes. AIM is very easy to use. However, AIM puts everything on your site which is very nice, but also includes a bit more risk and the expense of a good SSL cert.

SIM puts all the security liability on Authorize.net.

[netstep]

New Authorize.net SIM contribution.

http://www.oscommerce.com/community/contributions,5370

[Silverado05]

You can set AIM up not to store CC information in the database if that is your worry. It is good to have an SSL just to put the customers mind at ease and to gain trust. A lot of people look for that and they don't understand or know, or care about AIM or SIM. All they know is they are entering their CC information on a site. AIM just looks more professional and besides SSL are not that much. You can find a handful of 3rd party SSL that are under $100 a year. It takes money to make money and IMO that is a small price to pay if it means making a sale and raising my conversion rate.

[toyicebear]

For EU vendors there is now a set of rules of compliance which have to be fulfilled to be able to use integrated on site payment solution, even if you do not store the cc info.

If the US merchant account providers "rules" does change to something along the lines of the ones now being used in the EU, then such compliance will become an issue for those who use integrated on site payment solutions in the US too.

Its not as complicated as the full "PCI" compliance, but it does have quite a few conditions which needs to be meet.

[Silverado05]

You bring up a good point and if I remember correctly if you are in the U.S. and accept credit cards I think it is a requirement by the Federal Trade Commission that online marketplaces have to have SSL. So regardless what payment method you use I think you have to have SSL. I could be wrong but I think this was explained to me a couple of years ago when I set up my shop.

[F0l2saken]

THe new version for 2.2 that was released on au gust 17th 2007 doesn't work what so ever.

I have a fresh install of oscommerce and this new mod is installed second

I try to make a test transaction and this script returns this error message after I complete the form at authorize.net

Warning: Cannot modify header information - headers already sent by (output started at /home/tthlabel/public_html/store/includes/languages/english/modules/payment/authorizenet_sim.php:1) in /home/tthlabel/public_html/store/includes/functions/general.php on line



This module needs to be updated I believe, If i'm running into this problem on a fresh install obviously something isn't right with it.

It still processes the order, but having a crash like that right after you submit cc information is horrible

[Bruin_03]

Silverado05, on Aug 20 2007, 02:37 AM, said:

You bring up a good point and if I remember correctly if you are in the U.S. and accept credit cards I think it is a requirement by the Federal Trade Commission that online marketplaces have to have SSL. So regardless what payment method you use I think you have to have SSL. I could be wrong but I think this was explained to me a couple of years ago when I set up my shop.

I could be wrong but as I recall, the SIM was similar to solutions like 2checkout, where payments are processed on the authnet site so having SSL in that case is irrelevant.

Edited by Bruin_03, 30 August 2007, 12:10.

[netstep]

F0l2saken, on Aug 30 2007, 11:54 AM, said:

THe new version for 2.2 that was released on au gust 17th 2007 doesn't work what so ever.

I have a fresh install of oscommerce and this new mod is installed second

I try to make a test transaction and this script returns this error message after I complete the form at authorize.net

Warning: Cannot modify header information - headers already sent by (output started at /home/tthlabel/public_html/store/includes/languages/english/modules/payment/authorizenet_sim.php:1) in /home/tthlabel/public_html/store/includes/functions/general.php on line
This module needs to be updated I believe, If i'm running into this problem on a fresh install obviously something isn't right with it.

It still processes the order, but having a crash like that right after you submit cc information is horrible

I have a highly modified osC so I'll install a clean instance and test it.

[Silverado05]

Bruin_03, on Aug 30 2007, 07:09 AM, said:

I could be wrong but as I recall, the SIM was similar to solutions like 2checkout, where payments are processed on the authnet site so having SSL in that case is irrelevant.

You are still transferring sensitive information so a SSL is needed to encrypt the connection between the two. Just because the payments are processed off site doesn't mean someone can not come in back door and if you checkout process is not secure they can intercept the session. Therefor they require all stores accepted credits cards to have SSL through the entire checkout process.

[netstep]

Silverado05, on Sep 3 2007, 12:11 AM, said:

You are still transferring sensitive information so a SSL is needed to encrypt the connection between the two. Just because the payments are processed off site doesn't mean someone can not come in back door and if you checkout process is not secure they can intercept the session. Therefor they require all stores accepted credits cards to have SSL through the entire checkout process.

SSL is always good idea.
However intercepting basic contact info isn't quite the same as snagging someone's CC info, right?
The A-net payform collects the CC info and doesn't transmit it back to OSC afaik.