A More Secure Authorize.Net
In the latest release of Charitable Authorize.Net, we added support for Accept.js. Here’s why that matters for your website’s donation process.
Version 1.1 of our Authorize.Net extension came out a little while ago and was significant for a couple of reasons. For one, it included support for Recurring Donations. It also added a feature that allows you to automatically sync the required fields in your Charitable donation forms with the required fields you have defined in your Authorize.Net.
Today, I want to talk about the third key improvement and how it makes your donation process more secure: Accept.js.
What is Accept.js and how does it make my donation form more secure?
Donors never leave your website when you use Authorize.Net to process payments. That’s great for conversion rates – donors who are redirected to a different site for payment are more likely to drop out of the donation process – but it does come with an added level of responsibility. As the website hosting the payment form, you need to do your bit to secure the payment process, like making sure that you have an active SSL certificate to encrypt your website’s communications.
Accept.js is a new feature that Authorize.Net introduced last year, which allows your website to send payment information directly to Authorize.Net without ever handling it itself.
Before Accept.js, donations through Authorize.Net worked like this:
- Your donor fills out the donation form on your site, including the credit card details.
- After submitting the form, your website’s application code receives all those submitted details and uses them to process the donation.
- If the donation is successful, your donor is forwarded to their donation receipt.
Accept.js makes one small but important change to that process. Once the donor has submitted the donation form, Charitable uses Accept.js to send the credit card details to Authorize.Net. If the credit card is OK, Authorize.Net sends back a token. That token represents the credit card, and we can then use that instead of the credit card details to finalize the rest of the donation.
This all takes place very quickly, in your browser, and it means that those credit card details never touch your website’s application code, delivering a significant boost to the security of your donation processing.
How do I start using Accept.js?
First of all, you will need the latest version of Charitable Authorize.Net.
Next, you need to create a Public Client Key in your Authorize.Net dashboard. Go to Account > Settings > Security Settings > General Security Settings > Manage Public Client Key and then answer the secret question in the “Create New Public Client Key” section.
In a separate tab/window, log into your WordPress dashboard and go to Charitable > Settings > Payment Gateways and click on the “Gateway Settings” button in the Authorize.Net block. On the next page, paste in the Public Client Key that you just created in Authorize.Net. Click Save Changes.