Authorize.Net is committed to safeguarding customer information and combating fraud. We operate with a mission to provide the most secure and reliable payment solutions for you and your customers.
To accomplish this, Authorize.Net dedicates significant resources toward a strong infrastructure, and adheres to both strict internal security policies and industry security initiatives.
With Authorize.Net, your customers can be confident their data is secure. We utilize industry-leading technologies and protocols, and we are compliant with a number of government and industry security initiatives.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of comprehensive requirements developed by the major card brands to facilitate the adoption of consistent data security measures. Each year we renew our PCI DSS compliance. To confirm our PCI compliance, please see Visa's list of compliant service providers.
Learn more about PCI DSS and how to validate your PCI DSS
Sarbanes-Oxley, or SOX, is a set of federally mandated accounting standards for all U.S. public company boards, management, and public accounting firms. Authorize.Net is validated annually by external auditors for the current, relevant portions of the Sarbanes-Oxley Act.
Statement on Standards for Attestation Engagements (SSAE) No. 16, commonly known as SSAE-16, defines the professional standards used to assess the internal controls of organizations that provide outsourcing services that impact the control environment of their customers. Authorize.Net is validated annually by external auditors for SSAE-16. SSAE-16 can also be referred to as a SOC 1, or Service Organization Controls (SOC) 1, report.
Authorize.Net and its parent company CyberSource validate security measures against applicable sections of numerous federal and state laws: HIPAA, GLBA, California Senate Bill 1386 (SB1386), and many others. Our industry partners also perform regular audits.