Hello,

I m having a hard time in deciding which company to go with, AuthorizeNet or CDG Commerce? They both seem to be good but I seek the advice of those who are experienced in this area.

I know AuthorizeNet is just a payment processor and would require a merchant account to be purchased separately to go with them and CDGCommerce bundles both in their package, i.e. merchant account + payment gateway.

So guys kindly advice which one would be the best choice based on all the quality determination factors?


Regards,
wakh

Hello Wakh,

I just wanted to let you know that it is not a bundle with CDG and authorize.net. We just save the merchant a step and set up the authorize.net account for them.

does authorize accept international merchant?

Between the two, I would suggest going with Authorize.net since they are much larger than CDG Commerce. But, bigger isn't always better just if you need support you are more likely to get it. However, I would recommend getting a solution with PayPal. I've found it more effective personally since you have access to your funds right away in one place.

Go with authorize.net and a merchant account. Never NEVER go with 'bundled' solutions because they usually 'rig' them so that one works only with another. This ties down the merchant and takes away all competitive pricing leverage since the parts are not interchangable, you're trapped into both services like them or not

AMSPCS

Thanks for your tip. Will definitely keep it in mind.

Hello Wakh,

I just wanted to let you know that it is not a bundle with CDG and authorize.net. We just save the merchant a step and set up the authorize.net account for them.

I did not understand your post. I guess you meant to say that you just save merchant a step by setting up a merchant account for them to use with the payment gateway?

Between the two, I would suggest going with Authorize.net since they are much larger than CDG Commerce. But, bigger isn't always better just if you need support you are more likely to get it. However, I would recommend getting a solution with PayPal. I've found it more effective personally since you have access to your funds right away in one place.

Thanks for the suggestion. I basically want to accept payments on my website, i.e. I don't want to redirect the customer to Paypal's page to complete the payment. This is the reason I am considering the above mentioned payment processors. Does Paypal provide an option to accept payment on your own website?

Regards,
wakh

Authorize.net --without a doubt. Especially going forward. Last week Visa bought Cybersource, which is the parent company of Authorize.net. The security is good and if your company grows, you can jump up to their Cybersource solution pretty easily. The API is a breeze and is integrated with most shopping carts already.

my vote goes to authorize.net and they are known and popular in Pp.

Authorize.Net is a wonderful choice. Shop around through their reseller network until you find the best rate and service for your company.

Looking at all the votes now, I can see Authorize.Net as the clear winner.

However, I think I will have to become PCI compliant also if I use Authorize.Net to accept payments on my website right?

Thanks for the suggestion. I basically want to accept payments on my website, i.e. I don't want to redirect the customer to Paypal's page to complete the payment. This is the reason I am considering the above mentioned payment processors. Does Paypal provide an option to accept payment on your own website?

Regards,
wakh

PayPal Website Payments Pro allows you to do it on your own website via API.

Looking at all the votes now, I can see Authorize.Net as the clear winner.

However, I think I will have to become PCI compliant also if I use Authorize.Net to accept payments on my website right?

Correct, you do indeed need to be PCI Complient, you can find more information about Authorize.net's requirements at https://www.authorize.net/resources/pcicompliance/

Are there any companies that offer the service of making you PCI Compliant in return of a small fee? As the process seems very difficult.

Yes, there are processors who will assist merchants with the process and some that even have entire departments that are available to answer your questions about PCI-DSS and the steps needed to obtain compliance depending on your merchant type. When you are shopping around for a processor, it's a great idea to ask to speak to their PCI Manager about the products and services they can offer you. You don't have to go through the process alone.

I have decided to go with Authorize.net. Do they offer the service to make merchants PCI Compliant?

I'd strongly recommend you reconsider and go with CDG. You can always use Authorize.net emulation mode for their gateway, or you can just straight use authorize.net as a gateway. It's not advertised on their site but it's available. You won't find lower rates anywhere else and especially if you are just starting out, that's important.

I would call them directly and ask. Authorize.Net is also available through a network of resellers, some of them may have another solution to help you navigate the waters of PCI. Either way, Authorize.Net will be able to point you in the right direction based on your business needs. Good Luck :)

Authrize.net is the best from a consumer standpoint because they have the highest visibility and are well known.

Having this logo builds credibility more than the other options.

Stick with Authorize.net

I'd strongly recommend you reconsider and go with CDG. You can always use Authorize.net emulation mode for their gateway, or you can just straight use authorize.net as a gateway. It's not advertised on their site but it's available. You won't find lower rates anywhere else and especially if you are just starting out, that's important.

I agree with you on the rates aspect, I had a look through their rates and they are indeed very low. Another thing I noticed is that they provide you the solution in such a form which automatically makes you PCI Compliant. Now I am not sure that in order to become PCI Compliant you have to redirect customers to their page to complete payment or you can make customers complete payment process on your own website. The thing is no one thus far voted for CDG except you. So I am wondering what is the reason for not voting for CDG other than the reputation and credibility aspect?

Most merchant providers can offer a Hosted Payments Page. These pages, have the same look and feel of the merchants’ own website, but are hosted by a trusted third party so that the merchant never touches the payment data. While Hosted Payment Pages help to lessen the process, they do not not 'automatically' make you PCI compliant, nor does it eliminate all of your PCI requirements.

You will still need to complete your self assessment questionnaire (SAQ) and attestation of compliance. If you are a non-reseller webhost, you may also fall into the Service Provider realm of PCI-DSS, which will open up an entirely new set of regulations for you if you are storing or touching your customer's card data.

Again your merchant account provider can help guide you through the process.

Here is a great forum to poke around in if you have more questions about PCI-DSS, before talking to your merchant provider http://forum.pcianswers.com/forumdisplay.php?f=2

I agree with you on the rates aspect, I had a look through their rates and they are indeed very low. Another thing I noticed is that they provide you the solution in such a form which automatically makes you PCI Compliant. Now I am not sure that in order to become PCI Compliant you have to redirect customers to their page to complete payment or you can make customers complete payment process on your own website. The thing is no one thus far voted for CDG except you. So I am wondering what is the reason for not voting for CDG other than the reputation and credibility aspect?

I don't know the people in this thread so I can't really say for sure, but I think it has alot to do with vanity. I certainly understand and agree that money needs to be spent on improving your image, but customers do not know the difference (since there really isn't one).

Authorize.net straight up will cost you more, you have to worry about PCI compliance (at least if you want to use recurring billing) and your one out of a million customers.

From what I've seen of CDG they are much more personable than most authorize.net resellers, they offer the quantum vault which is nearly tailor-made for web hosts and as stated previously, the rates can't be beat.

I've been with CDG for several years now and have for the most part been very satisfied. Although there have been a few snafus along the way, they have always been sorted out. I use authorize.net through CDG and use the SIM method for low cost PCI compliance. (I also use paypal express which many of my customers seem to prefer.)

If you do a search for CDGCommerce on this forum you'll find plenty of satisfied customers offering rave reviews!

Using specific integration methods can get you 90% PCI compliant --the other portion is up to you. Items like change your username and passwords, don't keep customers credit card numbers laying around the office, etc.
www.pcisecuritystandards.org is the group that regulates PCI. They have a checklist you can use called SAQ. But using Authorize.net will get you most of the way there. For the merchant account try e-online data or Merchant Focus. Both of those groups specialize in e-commerce merchants and Authnet.

I agree with you on the rates aspect, I had a look through their rates and they are indeed very low. Another thing I noticed is that they provide you the solution in such a form which automatically makes you PCI Compliant. Now I am not sure that in order to become PCI Compliant you have to redirect customers to their page to complete payment or you can make customers complete payment process on your own website. The thing is no one thus far voted for CDG except you. So I am wondering what is the reason for not voting for CDG other than the reputation and credibility aspect?

You most definitely can be PCI compliant with your own website.

I don't want to use 'hosted page' solution to become PCI compliant. I have decided to go with Authorize.Net through one of their resellers because approaching them directly costs more.

Now I will be using their Advanced Integration API to connect my website to them. I will have to handle and store credit card details on my website in order for things like refund, this means that I have to become PCI compliant and the requirements are much stronger than in the case of their 'Simple Integration Method'.

I am not clear of one thing, is it compulsory by law to become PCI compliant? If a merchant is not PCI compliant then what are the consequences and what are the scenarios for these consequences?

PCI is not really "law". You can't go to jail if your not PCI compliant. It is a set of security standards that the card associations (Visa, Mastercard, Discover, AMX,etc) put together to curb fraud and increase security. If you are not PCI compliant, your merchant account provider might turn off your merchant account because they are liable (as well as you) in case of a breech. If you are breeched/hacked, the card associations can fine you for the breech, as well as cut off your ability to take credit cards and charge you for a forensic data audit and onsite inspections. You can even get charged for the reissuing of new cards for customers who where effected by the breech. The card associations are mandating that all merchants be PCI compliant if they are taking credit cards.

Another vote for AuthorizeNet

I have decided to go with Authorize.net. Do they offer the service to make merchants PCI Compliant?

This will qualify you for Level 1 PCI Compliance. It will certify up to 6 Devices and will scan every quarter. The service is provided by McAfee (https://www.mcafeesecure.com/Affiliate.sa?framed=Y&&a=7211&c0=P9200&k0=aabd1c7564dab6e02b712ddb4bd6710a) and works well.

PCI is not really "law". You can't go to jail if your not PCI compliant. It is a set of security standards that the card associations (Visa, Mastercard, Discover, AMX,etc) put together to curb fraud and increase security. If you are not PCI compliant, your merchant account provider might turn off your merchant account because they are liable (as well as you) in case of a breech. If you are breeched/hacked, the card associations can fine you for the breech, as well as cut off your ability to take credit cards and charge you for a forensic data audit and onsite inspections. You can even get charged for the reissuing of new cards for customers who where effected by the breech. The card associations are mandating that all merchants be PCI compliant if they are taking credit cards.

Thanks, I now understand that it is not obligatory by law and that in case of no PCI compliance the merchant can be fined for not being PCI compliant.

This will qualify you for Level 1 PCI Compliance. It will certify up to 6 Devices and will scan every quarter. The service is provided by McAfee and works well.

Ok so I qualify for level-1 PCI compliance. I did not understand what McAfee service you provided link for actually does? Please provide a detailed reply as I am new to this topic.

Thanks everyone for valuable contribution.


Regards,
wakh

Ok so I qualify for level-1 PCI compliance. I did not understand what McAfee service you provided link for actually does? Please provide a detailed reply as I am new to this topic.

Thanks everyone for valuable contribution.


Regards,
wakh

McAfee is a third party service that certifies you are PCI Complient. Authorize.net will verify if you are PCI Complient or not. Hence, you need to sign up with the link I provided to become PCI Complient.

Is that all I need to become PCI Compliant for Authorize.Net? i.e. signup for the McAfee's service?

Is that all I need to become PCI Compliant for Authorize.Net? i.e. signup for the McAfee's service?

Correct. McAfee will scan your servers for vulnerabilities then ask you to solve those issues. Eventually you will get a fancy chart like attached. McAfee will scan quarterly to verify you are PCI Complient. You'll also will out a single questionaire on how you collect information etc.

(In this case, it is a server that hasn't been fully secured yet)

Correct. McAfee will scan your servers for vulnerabilities then ask you to solve those issues. Eventually you will get a fancy chart like attached. McAfee will scan quarterly to verify you are PCI Complient. You'll also will out a single questionaire on how you collect information etc.

(In this case, it is a server that hasn't been fully secured yet)

Ok so to recap the following is all I need to successfully start receiving payments on my website and be fully PCI Compliant:

- Merchant Account
- Authorize.Net Payment Gateway Account
- SSL certificate to encrypt transaction details for submitting to Authorize.Net Gateway
- Signup for McAfee service by using your link to become PCI Compliant.

Did I get it right, GCM?

Remember that you can go with CDGcommerce and get the Authorize.net gateway.

Ok so to recap the following is all I need to successfully start receiving payments on my website and be fully PCI Compliant:

- Merchant Account
- Authorize.Net Payment Gateway Account
- SSL certificate to encrypt transaction details for submitting to Authorize.Net Gateway
- Signup for McAfee service by using your link to become PCI Compliant.

Did I get it right, GCM?

Correct, Authorize.net will ask for verification that you are PCI Complient. McAfee will generate a document downloadable in the panel. Dending on many transactions per year you process the requirements will vary.

Correct, Authorize.net will ask for verification that you are PCI Complient. McAfee will generate a document downloadable in the panel. Dending on many transactions per year you process the requirements will vary.

Alright, so I can handover the document generated by McAfee to Authorize.net as a proof of my PCI Compliance?

One thing though, this service by McAfee, is it a totally free service? If yes, then I wonder what benefit do they get by offering it for free?

Regards,
wakh

Alright, so I can handover the document generated by McAfee to Authorize.net as a proof of my PCI Compliance?

One thing though, this service by McAfee, is it a totally free service? If yes, then I wonder what benefit do they get by offering it for free?

Regards,
wakh

It is not free. You start paying for it after a year.

It is not free. You start paying for it after a year.

It's a partner code, it will cover up to 6 devices at no cost.

Alright, so I can handover the document generated by McAfee to Authorize.net as a proof of my PCI Compliance?

One thing though, this service by McAfee, is it a totally free service? If yes, then I wonder what benefit do they get by offering it for free?

Yes, McAfee will generate two reports confirming you are PCI Complient under certificate number 3709-01-04 in the framework of the PCI data security initiative.

As far as cost, see above.

Regards,
wakh

It's a partner code, it will cover up to 6 devices at no cost.

Thanks for your link GCM. One thing though, you mentioned I qualify for level 1 PCI Compliance, I checked the Authorize.net's website and according to their list I qualify for a lower level, for instance I see myself fitting in their level 2 or level 3?

Authorize.net's Understanding PCI Compliance page:
http://www.authorize.net/resources/pcicompliance/

Thanks for your link GCM. One thing though, you mentioned I qualify for level 1 PCI Compliance, I checked the Authorize.net's website and according to their list I qualify for a lower level, for instance I see myself fitting in their level 2 or level 3?

Authorize.net's Understanding PCI Compliance page:
http://www.authorize.net/resources/pcicompliance/

I was just guessing your transactions ;). That's why I provided the link to the nice little chart.

Hmm OK. Thanks for all your replies GCM. I now understand what to do to achieve PCI Compliance. Your replies were the most helpful.:)

Thanks to everyone else who contributed too.

Correct, Authorize.net will ask for verification that you are PCI Complient. McAfee will generate a document downloadable in the panel. Dending on many transactions per year you process the requirements will vary.

My Merchant Account Provider (Social Business Bank (with authorize.net gateway)) helped me a lot with this stuff (PCI Complient). They also integrated the API in my shopping Cart.

Also a vote for Authorize.net!

Authorize.net does not accept international customer only for US and CA

Authorize.net does not accept international customer only for US and CA

Even if someone signs up for their payment gateway account through one of their resellers?