cancel
Showing results for 
Search instead for 
Did you mean: 

Combine DPM and CIM?

Is it possible to combine DPM and CIM?

I am new to authorize.net?

 

requirements:

1)  Own web page to take the credit card data that is want my own look and feel and url. We already have SSL.

2) I do not want to store the credit card info in my own DB.

3) Re-ocurring billing as customer is billed monthly based on number of customer's active users.

Customer can increase or decrease number of users. Hence per month amount can change. (It is a hosted service)

 

based on what I have read so far, I should be using CIM. Please suggest if I am missing something?

 

DPM looks very easy to use. Can we combine CIM and DPM?

 

zweb
Member
10 REPLIES 10

No. DPM and CIM are not currently compatible. DPM is an alternative option to AIM and SIM. If you wish to store credit card information using Authorize.Net you still need to use CIM and it;s own API.


-------------------------------------------------------------------------------------------------------------------------------------------
John Conde :: Certified Authorize.Net Developer (Brainyminds) :: Official Authorize.Net Blogger

NEW! Handling Authorize.Net's Webhooks with PHP

Integrate Every Authorize.Net JSON API with One PHP Class (Sample code included)

Tutorials for integrating Authorize.Net with PHP: AIM, ARB, CIM, Silent Post
All About Authorize.Net's Silent Post
stymiee
Expert
Expert

I'll echo the need for some "hypothetical API" that somewhat refers to the OP's DPM + CIM combo:

 

  1. A hosted page on Auth.net that collects CIM data for merchant, identified by some "id" (aka 'transaction id')
  2. if/when a transaction is needed, only this reference is used

I'm also new to Auth.net (literally less than 24 hours) and am still going through integration docs/options, so if anyone has some advice, it would be greatly appreciated.

 

It's really avoiding as much PCI overhead as possible more than a technical/integration/api matter....in the above, "everything' that has to do with sensitive information collection is conceivably done at Auth.net (not at merchant site/server). I guess another way of looking at it is :

  • DPM "auth only' + CIM....
EdSF
Member

Hey there,

 

Completely agree, and trust me, it's something we've brought to our development teams attention. Thanks for the feedback! I'll pass yours on as well. :smileyhappy:

 

Thanks,

 

Michelle

Developer Community Manager

Hear hear!  CIM and DPM both deal with limiting a merchant's exposure to sensitive data, but in two different ways.  CIM + DPM would completely eliminate any access a merchant has to cardholder data.  PCI applies "wherever account data is stored, processed or transmitted".  With a CIM + DPM solution, the merchant would be doing none of these things, meaning PCI would in theory not apply.  When can we get this?  We are currently using authorize.net but we will likely switch soon to another provider because authorize.net has no complete PCI solution. 

This would be a very helpful feature for us too. Do any other providers currently have this feature?

It appears that the CIM process now has a hosted option.  It does look like a way to get out of the business of collecting card info and creating payment profiles.  However, it seems like such a heavyweight solution.  The integration effort into an existing checkout process does look a bit clunky as well.   What Auth.Net really needs is a "repeat payment" transaction type.  Pass in a transaction ID and amount and let Auth.net create a new auth_only or sale transaction based on the card information used for that transactionid that was passed in.  It's a nice, simple way to do a payment profile without all of the extended gyrations of the CIM API.  It wouldn't jeopardize a site's PCI compliance either, just a nice simple approach to tokenization.

 

-Marc

Yes, as you noticed, we just released a new hosted option for CIM. You can see the announcement here. This will allow you to establish a hosted connection for CIM, which should help with PCI DSS compliance.

 

Thanks,

 

Michelle

Developer Community Manager

Hi Michelle,

 

Unfortunately the hosted CIM option is not quite right for us. We want to control the entire payment experience (the same use case as DPM), but we would like to be able to store credit cards in CIM for later use.

 

One of these two implementations would be great:

 

1)  DPM has a 'save this user' parameter to save the card into the user's CIM record along with the purchase

or

2) There is a new API to POST a new card to a CIM.

 

Or basically..anything that would allow us to control the entire payment experience. We're using a limited web browser embedded into a video game, so we have to carefully control the UI.

 

If it makes it easier for you guys to implement, we could create the CIM record from our server first, and then use the web form to POST the credit card to it for later use.

 

At the moment this is the only thing stopping us from using authorize.net as our gateway.

 

-cliff

Any particular reason why you can't use CIM instead of hosted CIM? You're still not storing the credit card data locally, but it gives you total control over the process.