cancel
Showing results for 
Search instead for 
Did you mean: 

DPM/Simple Checkout and SSL/PCI compliance

I have a basic need to process a transaction, which is the ability for a borrower on a loan to pay an appraisal fee. No shopping cart, no saving of info.  Just go to the page, enter your info and your loan # and pay the fixed fee.

 

I am using a hosted website platform and I need something that doesn't require me to deal with PCI compliance.  From what I've read about DPM, it appears that using DPM means the website platform will not need to be PCI compliant, is this correct?


What about SSL?  Does my website platform need to use SSL for the payment page, or does SSL get handled via authorize.net servers as part of the DPM integration?

 

What about The Simple Checkout option? Each borrower must enter a unique loan # that has to be tagged with the purchase, and that didm't seem possible.

HDClown
Member
3 REPLIES 3

Regardless of which integration method that you use, you will always need to be PCI compliant.  Your choice of integration cannot remove the burden of compliance completely, it can only make the process as simple as possible.  From what you have described, it soundsl ike the Server Integration Method (SIM) is probably the best way for you to go.  SIM uses the same payment form hosted at Authorize.Net that is used by Simple Checkout, but it allows you to set the amount (and potentially the loan/invoice #) individually for each customer.

 

Because SIM used a payment form hosted by Authorize.Net and card details never pass through any page that you have developed, it severely reduces the amount of work needed by you to certify yourself as PCI compliant.

Trevor
Administrator Administrator
Administrator

If I understand correctly, with SIM, I would direct a buyer from my site, to an authorize.net hosted website (URL) and form (they would completely leave my site)?  Do I understand this correctly?

Yes. I think he means you'd still be responsible for password security, since if someone gets into your hosting they can still change your payment method and intercept credit cards that way.