apasalic

Does Direct Payment Method require PCI compliance on the merchant's webserver?

We currently use AIM, and our plan is to switch to SIM because of PCI compliance. However, I found Direct Payment Method (DPM) as a solution, where it looks like the visitor never leaves our website. After the form is submitted, the submission goes to Authorize.Net, but since the form is on our server (even as a snippet), are we still required to be PCI compliant?

TJPride

Re: Does Direct Payment Method require PCI compliance on the merchant's webserver?

With DPM, no credit card information actually passes through your server, so you're not responsible for credit card security. However, the PCI password security rules still apply, since anyone who gets into your hosting can just set up a page on their own site and then modify your page to forward to them instead of Authorize.net. Security really starts and ends with your hosting, regardless of what merchant system or API method you're using.

---------------------------------------------
I am no longer providing support for Authorize.net, until such time as their policy reverts back to allowing gun sales. Sorry, all.

Test accounts are not the same as test mode. Always use Authorize.net accounts in live mode; use a sandbox account if you want to test your code without processing real transactions.
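
The risk described in the answer above is that someone with access to the hosting changes where the card form posts. The following is an added example, not part of either post or of Authorize.Net's code: a monitoring check that parses the checkout page and flags any card form whose `action` is not HTTPS on an allowlisted gateway host. The host name, the card field names and the sample pages are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the gateway host the merchant's DPM form is meant to post to.
ALLOWED_HOSTS = {"secure.authorize.net"}
# Assumption: input names that mark a form as carrying card data.
CARD_FIELDS = {"x_card_num", "x_exp_date", "x_card_code"}


class FormAudit(HTMLParser):
    """Collect each <form>'s action and the input names inside it."""
    def __init__(self):
        super().__init__()
        self.forms = []    # one dict per form: {"action": str, "fields": set}
        self._open = None  # the form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "fields": set()}
            self.forms.append(self._open)
        elif tag in ("input", "select") and self._open is not None:
            self._open["fields"].add((a.get("name") or "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def audit_checkout(html):
    """Return a list of findings; an empty list means the page passed."""
    parser = FormAudit()
    parser.feed(html)
    findings = []
    card_forms = [f for f in parser.forms if f["fields"] & CARD_FIELDS]
    if not card_forms:
        findings.append("no card form found (page replaced or restructured?)")
    for f in card_forms:
        url = urlparse(f["action"])
        # A relative or non-HTTPS action would route card data elsewhere.
        if url.scheme != "https" or url.hostname not in ALLOWED_HOSTS:
            findings.append(f"card form posts to unexpected target: {f['action']!r}")
    return findings

# Constructed sample pages, not taken from the thread.
GOOD = '<form method="post" action="https://secure.authorize.net/gateway/transact.dll"><input name="x_card_num"><input name="x_exp_date"></form>'
TAMPERED = GOOD.replace("secure.authorize.net", "secure.authorize.net.example")

if __name__ == "__main__":
    print(audit_checkout(GOOD), audit_checkout(TAMPERED))
```

A static check like this only sees the served markup; script that rewrites the form at runtime needs file-integrity monitoring on the host as well.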