Security and Compliance
Authorize.Net is committed to safeguarding customer information and combating fraud. We operate with a mission to provide the most secure and reliable payment solutions for you and your customers.
To accomplish this, Authorize.Net dedicates significant resources toward a strong infrastructure and adheres to both strict internal security policies and industry security initiatives.
With Authorize.Net, your customers can be confident their data is secure. We utilize industry-leading technologies and protocols, such as 128-bit Secure Sockets Layer (SSL), and we are compliant with a number of government and industry security initiatives.
Payment Card Industry Data Security Standard
The Payment Card Industry Data Security Standard (PCI DSS) is a set of comprehensive requirements developed by the major card brands to facilitate the adoption of consistent data security measures. Each year we renew our PCI DSS compliance. To confirm our PCI compliance, please see Visa's list of compliant service providers.
Learn more about PCI DSS and how to validate your PCI DSS compliance.
Sarbanes-Oxley, or SOX, is a set of federally mandated accounting standards for all U.S. public company boards, management, and public accounting firms. Authorize.Net is validated annually by external auditors for the current, relevant portions of the Sarbanes-Oxley Act.
The Statement on Auditing Standards No. 70, commonly known as SAS 70, defines the professional standards used to assess the internal controls for organizations that provide outsourcing services which impact the control environment of their customers. Authorize.Net is validated annually by external auditors for SAS 70 Type 2.
Additional Legal Compliance
Authorize.Net and its parent company, CyberSource, validate security measures against applicable sections of numerous federal and state laws: HIPAA, GLBA, California Senate Bill 1386 (SB1386), and many others. Our industry partners also perform regular audits.