Authorize.net Cim, Email Not Being Sent From Client Registration

[AllanD]

I am trying to set up Blesta 3.3 using the Customer Information Manager (CIM) within Authorize.net (which seems to be configured OK).  I created an Order Form under Packages and set the type to Client Registration.  The form asked for email, but the email did not pass through to CIM; Only the basic account information did.

 

Is there a point of configuration to map the fields from Blesta to the payment gateway/CIM?

 

Also when using CIM, what credit card information gets stored locally?

[Cody]

Blesta doesn't pass the email address to Authorize.net. Authorize.net only uses the email address to send purchase receipt emails which is super awkward for clients. Blesta handles purchase receipts, so no need to use that "feature" of Authorize.net.

[Cody]

 

Also when using CIM, what credit card information gets stored locally?

 

The customer token, account token, last 4 of card number, card expiration date.

[AllanD]

The customer token, account token, last 4 of card number, card expiration date.

 

So if this is stored locally, does that mean our site would have to be PCI compliant and scanned periodically?

 

I thought part of the point of CIM was to move the critical card information storage off to authorize.net and remove the need for proving compliance (even though it may be compliant)?

[Cody]

If you allow users to enter credit card numbers at your domain name, then yes you should obtain PCI compliance scans.

[Cody]

I thought part of the point of CIM was to move the critical card information storage off to authorize.net and remove the need for proving compliance (even though it may be compliant)?

 

No, that's not the point at all.

 

The point is to defer the responsibility of keeping that card data secure to the gateway, which reduces your liability should your database be leaked.