Magento 2 Authorize.net DPM PCI 合规性 [英] Magento 2 Authorize.net DPM PCI Compliance

问题描述

我希望讨论如何以消除大部分 PCI 合规风险的方式使用 Magento 2 和 Authorize.net.Magento 2 直接发布方法 (DPM) 似乎仍然包含高水平的风险和要求.我们的设置:Authorize.net 是由我们的银行设置的，让我们使用 TrustWave 来验证我们的 PCI 风险/合规性.我们目前使用 Authorize.net 作为支付网关，并使用现成的 Authorize.net DPM 模块.

I'm hoping discuss how to use Magento 2 and Authorize.net in a way that removes most the PCI compliance risk. The Magento 2 Direct Post Method (DPM) appears to still contain a high level of risk and requirements. Our setup: Authorize.net was setup by our bank and had us use TrustWave to validate our PCI risk/compliance. We are currently using Authorize.net as the payment gateway and using the Out-Of-The-Box Authorize.net DPM module.

TrustWave 问卷中的一个问题:

One of the questions in the TrustWave questionnaire asks:

您管理的网络服务器是否可以控制呈现给您客户的付款页面?

我回答是 - 部分或全部付款页面是从我的网站生成的；因为 Magento 2 系统在 vendor/magento/module-authorizenet/中生成信用卡表单view/frontend/web/template/payment/authorizenet-directpost.html 文件，该文件调用了 Magento_Payment/payment/cc-form 模板.

I answered Yes - some or all of the payment page is generated from my website; since the Magento 2 system generates the Credit Card form in the vendor/magento/module-authorizenet/view/frontend/web/template/payment/authorizenet-directpost.html file which calls the Magento_Payment/payment/cc-form template.

因为这个答案，如果我理解正确的话，我们需要完全符合 PCI 标准.

Because of this answer, if I understand this correctly, we need to be fully PCI compliant.

有没有办法使用 Magento 2 和 Authorize.net 而无需在我们的网络服务器上生成付款表格?我们试图在能够获得报酬的同时限制我们的 PCI 风险(欢迎尖刻评论).

Is there a way to use Magento 2 and Authorize.net without generating the payment form on our webserver? We are trying to limit our PCI risk while being able to be paid (snarky comments welcome).

提前致谢.

推荐答案

Authorize.net 已弃用 DPM api.请参阅:https://developer.authorize.net/api/upgrade_guide/

Authorize.net has deprecated the DPM api. See: https://developer.authorize.net/api/upgrade_guide/

他们建议现在使用 Accept.js 方法作为替代.https://developer.authorize.net/api/reference/features/acceptjs.html

They suggest using the Accept.js method now as a replacement. https://developer.authorize.net/api/reference/features/acceptjs.html

这篇关于Magento 2 Authorize.net DPM PCI 合规性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！