In a nutshell, if you collect a CC # through ofbiz, you are under PCI. The only way is to send the customer to a site that handles CC, and all ofbiz does is store the authorization code. I use Paypal that way. Paypal also lets you style your payment page on their site. It is transparent to the customer.

Scott. sent the following on 10/22/2009 8:47 AM:
> Hello all,
>
> We are very close to finalizing our method of credit card processing within
> ofbiz and of course, PCI compliance is taking a front seat. We will be using
> authorize.net as our gateway and they have several different methods with regards
> to integration. The easy thing would be to use the current supported method
> but my preference would be to not store credit card info at all.
>
> They are the Simple Checkout, Server Integration Method (SIM) and the
> Advanced Integration Method (AIM). I believe that ofbiz natively supports
> AIM. The main difference between the three is that from a PCI standpoint the
> simple and the SIM method store the credit card data on the Authorize.Net
> PCI-compliant servers thus eliminate the PCI compliance for our company. If
> I am correct, the SIM method keeps your checkout pages looking the way they
> were designed and being able to use the native ofbiz to actually charge
> authorizations, etc.
>
> Has anyone implemented this with ofbiz successfully? How much trouble will
> it be to modify the ofbiz payment services not to store/read any sensitive
> credit card information?
>
> Thanks in advance for any thoughts.
>

--
BJ Freeman
http://www.businessesnetwork.com/automation
http://bjfreeman.elance.com
http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro
Systems Integrator.