Making the Authorize.net Plugin PCI Compliant

Some people may not realize that the current implementation of the Gravity Forms Authorize plugin embeds its credit card fields directly into the HTML of the website, and thus cannot really achieve any practical level of PCI compliance in the majority of hosting environments.

Authorize has provided a suite of Accept developer tools to allow plugins to operate in compliance with the PCI SAQ A or SAQ A-EP requirements: https://developer.authorize.net/api/reference/features/accept.html

Thankfully, it’s now on the Gravity Forms roadmap to integrate their Authorize add-on with Accept for PCI compliance at either the SAQ A or SAQ A-EP levels! If anyone else is using the Authorize add-on and would like to become PCI compliant, I would highly suggest leaving your feedback on this feature request: https://portal.productboard.com/5rdfmxwwaxvxyympcdjvse7r/c/11-easier-pci-compliance
