How secure is Authorize.Net?

Authorize.Net is uncompromising when it comes to providing merchants with secure, trustworthy payment processing services. For receiving and transmitting customer payment information Authorize.Net implements the most advanced Internet security protocols including 128-bit Secure Sockets Layer (SSL). On top of that, Authorize.Net consistently employs an extensive number of strong practices, procedures and industry leading technologies to maintain tight security for the entire payment gateway platform. We also maintain compliance with high quality security programs developed by the card associations, such as Visa Cardholder Information Security Program (CISP) and MasterCard Site Data Protection (SDP); and are continually investing time and money to maximize the security surrounding the payment gateway.

How secure is submitting transactions over the Internet?

Submitting transactions over the Internet can be as secure as providing credit card or check payments in person. All parties involved with processing any payment transaction—including customers, merchants, merchant service providers or businesses that handle customer payment information, and payment gateways—should be vigilant about protecting customer payment information.

For merchants and merchant service providers that may handle customer payment information, there are many payments industry security initiatives and programs in place that are designed to safeguard customer payment and other sensitive information—programs with which in many cases they are required to prove compliance. As you seek merchant service providers to work with, be sure to find out about their efforts to meet industry standard security requirements and practices. A professional organization will do everything in their capacity to meet and maintain the highest levels of Internet security—which is why Authorize.Net is compliant with maintaining the highest industry security standards.

Where does Authorize.Net fit in the credit card payments process?

In the credit card payments process, Authorize.Net sits between the merchant and the payment processing entity (e.g., FDMS, TSYS Acquiring Solutions (SM), Global) that does business with the merchant’s bank. Authorize.Net also has a relationship with the payment processing entity, which allows Authorize.Net to pass transaction information on behalf of the merchant via the Internet (over a proprietary and secure connection).

A typical Authorize.Net credit card transaction flows in the following way:

1. A credit card transaction is submitted to the Authorize.Net Payment Gateway either from a merchant Web site or directly from a merchant.
2. Authorize.Net automatically passes the transaction to the Acquiring Bank’s Processor (the payment processor that does business with the merchant’s bank).
3. The Acquiring Bank’s Processor passes the transaction to the Credit Card Interchange System (an entity that routes payment information to the parties involved in settling a credit card transaction).
4. The Credit Card Interchange System routes the transaction to the appropriate Credit Card Issuer (the bank or organization that issued the customer their credit card).
5. The Credit Card Issuer approves or declines the transaction and passes both the transaction results and the appropriate funds back through the Credit Card Interchange System.
6. The Credit Card Interchange System relays the transaction results to the Acquiring Bank’s Processor.
7. The Acquiring Bank’s Processor relays the transaction results to Authorize.Net.
8. Authorize.Net stores the transaction results and sends it back to the merchant and customer.
9. The Credit Card Interchange System also passes the appropriate funds for the transaction to the Acquiring Bank (the merchant’s bank).
10. The Acquiring Bank passes remaining funds to the merchant’s bank account. An average, steps 1-8 take only 3 to 4 seconds!