11-23-2011 10:16 AM
We currently use AIM, and our plan is to switch to SIM because of PCI compliance. However, I found Direct Payment Method (DPM) as a solution, where it looks like the visitor never left our website. After the form is submitted, the submission goes to Authorize.Net, but since the form is on our server (even as a snippet), are we still required to be PCI compliant?
11-24-2011 12:13 AM
With DPM, no credit card information actually passes through your server, so you're not responsible for credit card security. However, the PCI password security rules still apply, since anyone who gets into your hosting can just set up a page on their own site and then modify your page to forward to them instead of Authorize.net. Security really starts and ends with your hosting, regardless of what merchant system or API method you're using.
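The risk described in the reply above is a payment form on your hosting being altered to post somewhere other than the gateway. The following is an added example, not part of the original thread or any Authorize.Net code: a check you could run against the served page. The allowed host, the function names and the sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only host the payment form may post to. Replace with the
# gateway endpoint host from your own integration settings.
ALLOWED_HOSTS = {"secure.authorize.net"}

class _FormTargets(HTMLParser):
    """Collects every URL a form on the page could submit to."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.targets.append(a.get("action") or "")
        # A formaction attribute on a button/input overrides the form's action.
        elif tag in ("button", "input") and a.get("formaction"):
            self.targets.append(a["formaction"])

def audit_payment_page(html, allowed_hosts=ALLOWED_HOSTS):
    """Return (target, reason) findings; an empty list means the page is clean."""
    parser = _FormTargets()
    parser.feed(html)
    findings = []
    if not parser.targets:
        findings.append(("", "no form found"))
    for target in parser.targets:
        url = urlsplit(target.strip())
        if url.scheme != "https":
            # Relative or http targets would send card data to or via your server.
            findings.append((target, "not an absolute https URL"))
        elif (url.hostname or "").lower() not in allowed_hosts:
            findings.append((target, "posts to unexpected host"))
    return findings

# Constructed sample pages (not real captures).
GOOD_PAGE = '<form method="post" action="https://secure.authorize.net/gateway/transact.dll"><input name="x_card_num"></form>'
TAMPERED_PAGE = '<form method="post" action="https://secure.authorize.net.example.net/gateway/transact.dll"><input name="x_card_num"></form>'
SELF_POST_PAGE = '<form method="post" action="/checkout.php"><input name="x_card_num"></form>'

if __name__ == "__main__":
    for name, page in [("good", GOOD_PAGE), ("tampered", TAMPERED_PAGE), ("self-post", SELF_POST_PAGE)]:
        print(name, audit_payment_page(page))
```

Run it on a schedule against the page as fetched from outside your hosting, and alert on any non-empty result.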