9.13 includes a update to the Authorize.net integration to Miva. It allows customers to optionally use their latest front end API called Accept.js resulting in the credit card number never touching your Miva server, allowing merchants to complete an SAQ-A-EP for PCI compliance.
Using Accept.js, after the customer has typed in their card, it gets sent to Authorize.net which will then tokenize it and sent back a token to Miva which then gets submitted to the Miva server to authorize payment.
Once you’ve installed 9.13, if you wish to take advantage of the additional security benefits of the new Accept.js integration you’ll need to manually generate a Public Client Key from within you authorize.net account.
Once this key has been added, Miva will automatically use it to output the correct Accept.js code during runtime so that your site leverages the new User Interface. There is no visual way to identify if your site is using the latest Accept.JS code. The easiest way to confirm it is working is to navigate to the last step of the chekout process (OPAY) and view the page source. Look for the following line:
The production URL is: https://js.authorize.net/v1/Accept.js
Note: While adding the Public Client Key is optional, it is strongly recommended for the additional security benefits you get by never having your Miva server touch the card number. If you do not add a Public Client Key, your Authorize.net integration will continue to work using the current method.
This update also brings a backend server side change to the authorize.net integration. The previous integration used Authorize.net’s older Name/Value Pair API. As of 9.13 all requests are made using their latest XML API. This change is transparent to the merchant and customer. There is nothing "different" expect the server-side API calls.
Because of the change from the NVP API to the XML API, you will no longer be able to use Authorize.net as an emulator for other gateways. If you are currently doing this, Miva will prevent you from upgrading to 9.13 until you fix the API endpoints (back to default). To signup for a new Authorize.net account please click here: