Way to use ARB api when CC info is taken through DPM?

We've implemented our donor site using DPM, not realizing that it could not handle ARB.  My client wishes to remain PCI compliant, specifically SAQ-A.  SAQ-A requires that credit card information never touch the server in any way.

 

If I have the transaction id from DPM, is it possible to use the ARB api to set up recurring billing accounts? I know it can be done manually, but this needs to be automated.  I'm used to working with Braintree, which has excellent APIs available for minimizing your PCI exposure.  Is there any other way to use ARB without sacrificing PCI compliance?

bendavis78
Member
2 REPLIES

Not through the API. You can do it through the merchant account interface, but it requires a successful transaction first.

RaynorC1emen7
Expert

So are you saying that Authorize.NET does not have any way to automate recurring payments while staying PCI (SAQ-A) compliant? This seems like a HUGE missing feature. Most (if not all) cloud hosting services do not offer PCI compliance guarantees. As soon as the credit card hits our server (even if we don't store it), we reach SAQ-D level, which means we would need to host a physical server on a network that we control. This is overkill for something like a small-town charity donation site, and can become extremely expensive for them if audited (disclaimer: I'm not a PCI compliance expert, this is only based on my current understanding).

Braintree exposes their entire API over their transparent redirect method, which makes it extremely easy to do this. I don't understand why Authorize.NET has to be so segmented in its feature set. I definitely won't be recommending Authorize.NET to any future clients.