Thanks, everyone, for the comments... Judah, I'm using the Advanced Integration Method (AIM), since I'm hosting my own form.
Here's what I'm referring to in the Authorize.net info about personally identifying information: >From the Advanced Integration Method docs: ---------------------------------------------------------------------- Merchant-defined data fields are not intended to and must not be used to capture personally identifying information. Accordingly, the merchant is prohibited from capturing, obtaining, and/or transmitting any personally identifying information in or by means of the merchant-defined data fields. Personally identifying information includes, but is not limited to, name, address, credit card number, social security number, driver's license number, state-issued identification number, passport number, and card verification numbers (CVV, CVC2, CVV2, CID, CVN). If Authorize.Net discovers that the merchant is capturing and/or transmitting personally identifying information by means of the merchant-defined data fields, whether or not intentionally, CyberSource will immediately suspend the merchant's account, which will result in a rejection of any and all transaction requests submitted by the merchant after the point of suspension. ---------------------------------------------------------------------- That seems clear to me, that in the AIM method, I can't use the "merchant-defined" x_ fields to capture any of the info mentioned above. My plan was just to send to them what they require for the processing and use the other fields from the form for the in-house emailing, thank-you's, "in honor of", "in memory of", etc., data. I don't think that kind of data can go through Authorize.net's server and back to me. Rick -----Original Message----- From: Judah McAuley [mailto:ju...@wiredotter.com] Sent: Tuesday, September 18, 2012 3:31 PM To: cf-talk Subject: Re: Question about using AJAX with Authorize.net You have to send Auth.net personally identifying information in order to use AVS (the address verification service), so I know they don't forbid that. Maybe it depends on the integration method you are using. Are you doing the simple integration method where you send the user to auth.net and then they come back or are you using a behind the scenes post to their api to do the auth? Judah On Tue, Sep 18, 2012 at 10:40 AM, Rick Faircloth <r...@whitestonemedia.com> wrote: > > I'm implementing my first donation form using Authorize.net. > > I've found in their fine-print that I cannot submit any personally > identifiable information to their servers. > > We have a form which includes personally identifiable information > for emailing thank-you's, etc. > > Therefore, I'm planning to implement an AJAX solution to > intercept the formfield data that is applicable to the transaction > and is required by Authorize.net and submit that via AJAX to a method > in a cfc, which will send the pertinent data to Authorize.net. > > In the success section of the AJAX solution to Authorize.net, I'll > implement a further submission of the rest of the form data (the > personally identifiable information) to another method in a cfc, > which will process that data for in-house (non-Authorize.net) use. > (Or something similar to this process...) > > Any warnings, cautions, or gotcha's in this approach? > > Thanks for any feedback! > > Rick > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352664 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
