Magento 2 Authorize.net DPM PCI合规性 [英] Magento 2 Authorize.net DPM PCI Compliance
问题描述
我希望讨论如何以消除大多数PCI合规风险的方式使用Magento 2和Authorize.net.Magento 2 Direct Post方法(DPM)似乎仍然包含很高的风险和要求.我们的设置:Authorize.net由我们的银行设置,并让我们使用TrustWave验证我们的PCI风险/合规性.我们目前正在使用Authorize.net作为支付网关,并使用现成的Authorize.net DPM模块.
I'm hoping discuss how to use Magento 2 and Authorize.net in a way that removes most the PCI compliance risk. The Magento 2 Direct Post Method (DPM) appears to still contain a high level of risk and requirements. Our setup: Authorize.net was setup by our bank and had us use TrustWave to validate our PCI risk/compliance. We are currently using Authorize.net as the payment gateway and using the Out-Of-The-Box Authorize.net DPM module.
TrustWave调查问卷中的一个问题询问:
One of the questions in the TrustWave questionnaire asks:
您管理的网络服务器是否可以控制显示给客户的付款页面?
我回答是-部分或全部付款页面是从我的网站生成的; 因为Magento 2系统在 vendor/magento/module-authorizenet/中生成了信用卡表格,view/frontend/web/template/payment/authorizenet-directpost.html 文件,该文件调用 Magento_Payment/payment/cc-form 模板.
I answered Yes - some or all of the payment page is generated from my website; since the Magento 2 system generates the Credit Card form in the vendor/magento/module-authorizenet/view/frontend/web/template/payment/authorizenet-directpost.html file which calls the Magento_Payment/payment/cc-form template.
由于这个答案,如果我正确理解这一点,我们需要完全兼容PCI.
Because of this answer, if I understand this correctly, we need to be fully PCI compliant.
有没有一种方法可以使用Magento 2和Authorize.net,而无需在我们的网络服务器上生成付款表格?我们正在努力限制可支付的PCI风险(欢迎发表评论).
Is there a way to use Magento 2 and Authorize.net without generating the payment form on our webserver? We are trying to limit our PCI risk while being able to be paid (snarky comments welcome).
谢谢.
推荐答案
Authorize.net已弃用DPM api.请参阅: https://developer.authorize.net/api/upgrade_guide/
Authorize.net has deprecated the DPM api. See: https://developer.authorize.net/api/upgrade_guide/
他们建议现在使用Accept.js方法来代替. https://developer.authorize.net/api/reference/features/acceptjs.html
They suggest using the Accept.js method now as a replacement. https://developer.authorize.net/api/reference/features/acceptjs.html
这篇关于Magento 2 Authorize.net DPM PCI合规性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
