Authorize.net

Authorize.net scripts embed hosted payment forms and tokenize card data on checkout pages. Payment credentials are submitted directly to Authorize.net's servers without passing through the merchant's backend, enabling PCI-compliant transaction processing for e-commerce.

Overview

Authorize.net is a payment gateway owned by Visa that enables e-commerce websites to process credit card and electronic check transactions. It is one of the oldest and most widely used payment gateways in North America, processing billions of dollars in transactions annually. When integrated into a checkout page, Authorize.net's scripts handle the sensitive task of collecting, tokenizing, and transmitting payment card data directly to Authorize.net's servers, keeping the merchant's own backend out of scope for PCI DSS compliance.

Authorize.net supports multiple integration methods, from simple hosted payment forms (Accept Hosted) to embedded JavaScript tokenization (Accept.js), giving merchants flexibility in how payment collection appears to their customers.

What This Script Does

When Authorize.net is integrated on a checkout page, the following occurs:

  • Payment form rendering: Depending on the integration method, Authorize.net either loads a hosted payment form in an iframe or provides JavaScript (Accept.js) that tokenizes card data entered into the merchant's own form fields.
  • Card tokenization: The visitor's credit card number, expiration date, and CVV are captured and immediately tokenized — converted into a one-time-use payment nonce that the merchant's server can use to complete the transaction without ever handling raw card data.
  • Fraud detection: Authorize.net collects device fingerprint data (browser type, screen resolution, timezone, installed plugins) to feed into its fraud detection and risk scoring systems. This helps identify potentially fraudulent transactions.
  • Direct server communication: Payment data is transmitted directly from the visitor's browser to Authorize.net's PCI-compliant servers over encrypted HTTPS connections. This direct communication is a core security feature.
  • Session management: The scripts may set session-related cookies or tokens to maintain the payment flow state during the checkout process.

Authorize.net scripts handle only payment-related data and do not perform marketing tracking, behavioral profiling, or cross-site identification.

Consent & Compliance

Payment processing scripts like Authorize.net fall into the "strictly necessary" category under virtually all privacy frameworks. The ePrivacy Directive explicitly exempts services that are strictly necessary to provide a service explicitly requested by the user — and completing a purchase that the visitor has initiated clearly qualifies.

The device fingerprinting for fraud detection is integral to the payment processing service and is required by payment industry regulations (PCI DSS). This fraud prevention functionality is inseparable from the payment service itself and does not require separate consent.

Authorize.net is PCI DSS Level 1 certified, the highest level of payment security certification. Its scripts are specifically designed to reduce the merchant's PCI compliance burden by ensuring raw card data never touches the merchant's servers.

Should You Block This Without Consent?

No. Authorize.net is an essential payment processing service. Blocking it would prevent customers from completing purchases. Payment processing scripts are universally recognized as strictly necessary and exempt from consent requirements.

Consent Categories

Essential

Also Known As

Authorize.net gateway, Authorize.net payment, Visa Authorize.net, Accept.js, Authorize.net checkout

Industries

Computers Electronics and Technology

Tracked Domains (1)

authorize.net (Essential)

Frequently Asked Questions

Is Authorize.net exempt from cookie consent requirements?

No. Authorize.net is a payment processing service that customers actively initiate during checkout. Payment scripts and any fraud detection device fingerprinting are strictly necessary to complete the transaction the visitor requested. The ePrivacy Directive's consent requirements do not apply to essential payment processing.

How does Authorize.net handle card data without exposing it to the merchant's server?

Authorize.net tokenizes card data directly in the visitor's browser before transmission. The Accept.js script or hosted payment form captures card details and converts them to a one-time payment nonce sent to Authorize.net's PCI DSS Level 1 servers, so raw card data never touches the merchant's backend.

How does ConsentStack treat Authorize.net?

ConsentStack classifies Authorize.net as essential and never blocks it. Preventing payment scripts from loading would stop customers from completing purchases. ConsentStack recognizes payment processing as strictly necessary and ensures Authorize.net loads on all pages regardless of a visitor's consent choices.

Related Vendors

Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.
