Reply
Member
Posts: 1
Registered: ‎02-27-2013

AIM and ARB regarding PCI

Trying to get an understanding of the PCI scope I am putting myself in by integrating ARB, which as I understand, can only be truely integrated through AIM. It would seem that since the page where they will be created will need to post to my server first, then to Auth.net to create/update/delete ARB transactions as opposed to using Direct Post which gets posted straight to Auth.net.

 

Am I overthinking the risks invloved with fully integrating ARB with my site. I am trying to avoid using DPM to create the initial transaction, then manually going in and creating the subsctiption through the admin interface.

 

Thank you.

Expert
Posts: 4,525
Registered: ‎03-08-2010

Re: AIM and ARB regarding PCI

1)AIM and ARB are seperate API, you can use one without the other.

And yes both AIM and ARB will have the customer CC info on your server before send it to authorize.net

 

Read these 2 blogs on PCI

http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/PCI-and-You/ba-p/10628

 

http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/PCI-SSC-releases-E-comm...

Guidelines-Information-Supplement/ba-p/33104