Question
I'm hoping to discuss how to use Magento 2 and Authorize.net in a way that removes most of the PCI compliance risk. The Magento 2 Direct Post Method (DPM) appears to still contain a high level of risk and requirements. Our setup: Authorize.net was set up by our bank and had us use TrustWave to validate our PCI risk/compliance. We are currently using Authorize.net as the payment gateway and using the Out-Of-The-Box Authorize.net DPM module.
One of the questions in the TrustWave questionnaire asks:
Do the web servers you administer have control over the payment page that is presented to your customers?
I answered Yes - some or all of the payment page is generated from my website; since the Magento 2 system generates the Credit Card form in the vendor/magento/module-authorizenet/view/frontend/web/template/payment/authorizenet-directpost.html file which calls the Magento_Payment/payment/cc-form template.
Because of this answer, if I understand this correctly, we need to be fully PCI compliant.
Is there a way to use Magento 2 and Authorize.net without generating the payment form on our webserver? We are trying to limit our PCI risk while being able to be paid (snarky comments welcome).
Thanks in advance.
Answer 1:
Authorize.net has deprecated the DPM API. See: https://developer.authorize.net/api/upgrade_guide/
They suggest using the Accept.js method now as a replacement. https://developer.authorize.net/api/reference/features/acceptjs.html
Source: https://stackoverflow.com/questions/54777168/magento-2-authorize-net-dpm-pci-compliance