Authorize.net is dedicated to the protection of customer information and the combating of fraud. Our mission is to provide the most secure and reliable payment solutions for you and your customers.

Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is a comprehensive set of requirements developed by major card brands to facilitate the adoption of consistent data security measures. We renew our PCI DSS compliance annually.

Obtaining Authorize.Net Attestation of Compliance (AoC)

• Option 1 – Direct Link - Visa Global Registry of Service Providers
• Option 2 – Search Visa Global Registry of Service Providers
  1. Visit the Search Service Providers page.
  2. Under Find a Service Provider, enter Authorize.Net in the Company Name.
  3. Click Search
  4. Click on the result for CyberSource (including Authorize.Net and K.K)

SSAE-18 (formerly known as SAS70)

Statement on Standards for Attestation Engagements (SSAE) No. 18, commonly known as SSAE-18, defines the professional standards used to assess the internal controls for organizations that provide outsourcing services that impact the control environment of their customers. Authorize.Net is validated annually by external auditors for SSAE-18.

SSAE-18 can also be referred to as SOC 1 or Service Organization Controls (SOC) 1 report.

If you require additional details of Authorize.net compliance, please submit a Support Case requesting a copy of the SSAE 18 report. Include the following details in your request:

1. Your full name
2. Title (Sr. Manager and above)
3. Your company name (DBA if different)
4. Mailing address (cannot be a P.O. Box)
5. Email address
6. Telephone number
7. Payment Gateway ID or Reseller ID.

By default, Authorize.net will provide a digital copy by attaching the report to your Support Case.

• Only Account Owners and Account Administrators may request the SSAE-18 report.
• Reseller/Partners may request a copy of the SSAE-18 report.