
Does Direct Payment Method require PCI Compliance on Merchant's webserver?

We currently use AIM and our plan is to switch to SIM because of PCI Compliance. However, I found Direct Payment Method (DPM) as a solution, where it looks like the visitor never left our website. After submitting the form, the submission goes to Authorize.Net, but since the form is on our server (even as a snippet), are we still required to be PCI compliant?

apasalic
Contributor
1 REPLY

With DPM, no credit card information actually passes through your server, so you're not responsible for credit card security. However, the PCI password security rules still apply, since anyone who gets into your hosting can just set up a page on their own site and then modify your page to forward to them instead of Authorize.net. Security really starts and ends with your hosting, regardless of what merchant system or API method you're using.

TJPride
Expert