Authorize.Net CIM With Recurring Profiles

Authorize.Net CIM With Recurring Profiles



Magento Platform
Open Source (CE)
1.5, 1.6, 1.7, 1.8, 1.9
Commerce using on prem (EE)
1.10, 1.11, 1.12, 1.13, 1.14,

Tech Specifications

Current Version:
Stable Build
02 March, 2019
Extensions, Payments & Security, Payment Integration
License Type:


Certified by Authorize.Net. Store cards securely. Supports recurring profiles and ACH.


Back to top

Authorize.Net is one of the world's largest premier payment gateways, serving over 400,000 merchants. Their services allow you to accept payment from your customers, by credit card or eCheck, straight from your website. This extension brings Authorize.Net's Customer Information Manager (CIM) to Magento. Authorize.Net CIM takes payment processing to a whole new level, by allowing your customers to store payment information on Authorize.Net's secure servers. This gives you and your customers the convenience of stored credit cards, with all the safety and security of Authorize.Net. It also allows us to give you many advanced features that most payment methods simply aren't capable of.

This payment module fully supports Magento's Recurring Profiles feature. This allows you to create multiple-payment products, subscriptions, and services without relying on PayPal. Billing is performed on whatever schedule you define, and you're always in complete control.


Account & Pricing

There is no extra fee for the Customer Information Manager service, but you must have an active Authorize.Net account. Authorize.Net's standard account fees are $25/mo and 2.9% + $0.30 per transaction. See here for complete pricing info.



  • Pay by credit card or ACH (eCheck)*
  • Enable Accept.js to send CC info straight to Authorize.Net, for enhanced security
  • Accept payment for Recurring Profile products
  • Authorize or Authorize & Capture (invoice immediately, or upon shipment)
  • Partially invoice orders (including reauthorization on partial invoice)
  • Refund (Online Credit Memo)
  • Partially refund orders
  • Void/cancel authorizations
  • Send shipping address to Authorize.Net
  • Send line items to Authorize.Net
  • Require CCV code (for new cards, or with every purchase)
  • Address Verification (AVS)
  • Advanced Fraud Detection Suite (AFDS) and hold-for-review
  • Support 3D Secure (Verified by Visa and MasterCard SecureCode) on checkout**
  • Save credit cards for reuse
  • Add, edit, and delete saved payment data for each customer
  • Edit orders and reorder without contacting the customer for their CC info (even for guests!)
  • Capture funds even after the authorization expires
  • Magento SOAP API support (V1 and V2)
  • Multi-store support: Use a different Authorize.Net account for each website
  • User-friendly setup and configuration

* This extension has built-in support for ACH processing. ACH is configured as its own payment method, and can be enabled or disabled at will. To process ACH payments, you must apply and be accepted by Authorize.Net. For more info, see Authorize.Net's eCheck.Net FAQ.

** 3D Secure card validation allows select customers to log in with their credit card merchant for fraud protection. This requires separate enrollment and configuration of CardinalCommerce's 3D Secure services, not included with this extension. Due to the nature of stored credit cards, not all transactions are covered. 3D Secure is not compatible with Accept.js.

This module supports all standard payment actions in Magento. It also allows customers to save their payment info for future use. This gives returning customers the convenience of stored credit cards and rapid checkout, without breaking PCI compliance.

When a customer first checks out using our Authorize.Net payment method, they are given a form to enter credit card details. If they choose to save those details, the next time they make a purchase they can enter a new card, or use a previous credit card with a single click. Your users can also view, add, edit, and delete any of their stored credit cards through a "Manage My Cards" interface in their account, also available through the Magento Admin Panel.



Stored payment info is good for your business.

  • It simplifies checkout.
  • It encourages your customers to keep coming back.
  • It lets your customer service staff quickly process orders and billing changes, without needing to repeatedly ask customers for their credit card info.
  • It streamlines order management and integration (for compatible systems).



This is an Authorize.Net Certified Solution since 2013, listed in Authorize.Net's official certified solutions directory. Our payment modules are used on thousands of Magento stores, and our reviews speak for themselves.



All communication with Authorize.Net is done using SSL encryption, and no confidential cardholder data is ever stored on your own server. A process called tokenization is used to run transactions with stored payment information. This lets your customers pay with a 'saved' card that's not on your server at all.

We are often asked about PCI compliance. PCI compliance is a complex and multifaceted issue, covering every aspect of your business. We can't guarantee that your business is PCI-compliant. That depends on your server, passwords, business processes, regular security scans, other payment methods, and a lot more. What we can tell you is that this extension will not prevent you from being PCI compliant. We don't log confidential cardholder data, or do anything else that would bring you under scrutiny.

The exact PCI scope of this extension depends on your configuration.

  • If you enable Accept.js, and do not accept ACH payments, we will not send any confidential payment data through your server. Since Accept.js sends the credit card number directly to Authorize.Net, using this extension for all credit card transactions may make you eligible for PCI Self-Assessment Questionnaire (SAQ) A-EP.
  • If you do not enable Accept.js, this payment method falls under the scope of PCI SAQ D.

For details on the SAQ types and what eligibility means, see "Self-Assessment Questionnaire Instructions and Guidelines (3.2)" (PDF, by PCI Standards Security Council).



We are experienced, certified Magento developers. All of our code is clean, well-documented, and follows Magento standards and best practices. We make sure to do things the right way.

Our source code is 100% unencoded (viewable source). When you purchase this extension, you get full access to view and modify the source any way you need to (within the terms of the license).

This module supports many third-party extensions, including one-page and other custom checkout modules, and XTENTO's Magento Order Export Module.



We pride ourselves on excellent support. Your purchase includes one year of complimentary extension support, plus free bug fixes and updates for the lifetime of this extension. If you find that it doesn't work as we intended in a standard installation, we'll help you fix that.

Our staff are all located in the United States, with an office in downtown Lancaster, PA, open weekdays from 8 AM to 5 PM Eastern Time. Have a question, or want to try it out? Give us a call at 717-431-3330, or email us at

Release Notes

Back to top


  • Compatible with Open Source (CE) : 1.5 1.6 1.7 1.8 1.9
  • Compatible with Commerce using on prem (EE) : 1.10 1.11 1.12 1.13 1.14
  • Stability: Stable Build
  • Description:

    - Updated Authorize.Net certificate authorities for changed sandbox SSL.
    - Clarified currency handling.
    - Improved performance of Manage Cards with many cards and orders.
    - Fixed Accept.js nonce handling on payment step AJAX reload.
    - Fixed field validation stripping dashes from addresses.
    - Fixed non-digit characters throwing off last4 numbers on checkout submit with Accept.js.
    - Fixed possible API error with empty or extended-characters-only product names.
    - Fixed shipping address not being sent on reauthorization transactions.

    2.3.5 - 6 October 2017
    - Added protection to frontend My Payment Data page to help prevent abuse. (Will now require order history to use, and block after numerous failures.)
    - Added settings check for corrupted API credentials.
    - Added support for browser CC autofill.
    - Added support for pulling expiration date and CC BIN from the CIM API.
    - Fixed legacy card handling when migrating from Hosted CIM.
    - Fixed multishipping checkout when adding a new card with Accept.js enabled.
    - Fixed possible Accept.js error with CCV disabled.
    - Fixed possible PHP error on checkout failure with Accept.js enabled.
    - Modified legacy card importer to pull expiration date.

    2.3.4 - 3 March 2017
    - Fixed errors caused by Accept.js nonce format change.
    - Fixed possible issues with AFDS hold-for-review.
    - Fixed possible checkout JS errors if Magento JS translator is not present.
    - Fixed problems with SOAP API calls when running in WSI mode.
    - Fixed unintended card validation on update of a duplicate card on checkout.


  • Compatible with Open Source (CE) : 1.5 1.6 1.7 1.8 1.9
  • Compatible with Commerce using on prem (EE) : 1.10 1.11 1.12 1.13 1.14
  • Stability: Stable Build
  • Description:

    - Added 'save info' payment action to save payment info on checkout without authorizing or capturing funds.
    - Improved Accept.js user experience. Errors and behavior will be better communicated, and 'two clicks to submit' behavior should be eliminated.
    - Improved Accept.js compatibility with some one-step-checkout extensions.
    - Fixed exceptions when billing multiple orders with address changes in a single request.
    - Fixed unintended extra card validation on update of a duplicate card on checkout.


Back to top
The best place to start if you need help with a specific extension is to contact the developer. All Magento developers have both a contact email and a support email listed.

Q & A

Back to top


Back to top