Authorize.net payments uses deprecated API
Bug #1939061 reported by
Jane Sandberg
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Evergreen |
New
|
Undecided
|
Unassigned |
Bug Description
The authorize.net integration for credit cards uses Business:
Jason Boyer pointed out that the Stripe integration is all client-side now. It seems like AuthorizeNet encourages something similar: client-side javascript that uses their "Accept.js" library, which is hosted on AuthorizeNet servers: https:/
tags: |
added: circ-billing opac removed: billing |
tags: | added: opac-account |
To post a comment you must log in.
My late-night jest on IRC wasn't 100% correct. Looking now there is a perl module involved in talking to Stripe but rather than handling CC numbers it only deals in tokens and such. Business::Stripe does receive updates though and makes it easy to change the version of Stripe's API used.
That said, if Auth.net can function in a similar way that would be great! Not having CC numbers touch the server's network makes PCI compliance easier and also should make everyone feel better all around.