Contributor
Posts: 12
Registered: ‎03-31-2012

Indirect Post using DPM and PCI Compliance

If I use the DPM API, but instead of posting back directly to the Authorize.NET server, I post back to my own server and then relay the post to the Authorize.NET server, is this breaking PCI compliance?

 

Note that I'm not storing the info anyway. I'm just posting it behind the scenes to prevent the user's browser from bouncing around.

 

Thanks.

Expert
Posts: 4,525
Registered: ‎03-08-2010

Re: Indirect Post using DPM and PCI Compliance

What you describe is AIM. It is not that it is breaking PCI compliance; all APIs have some level of PCI compliance.

Contributor
Posts: 12
Registered: ‎03-31-2012

Re: Indirect Post using DPM and PCI Compliance

Thanks for the reply but I'm a little unsure about your response.

 

I am using the DPM API. But the intent of that API is that the page is posted directly to the Authorize.NET server.

 

What I'm doing instead is using AJAX to post it back to my own server, and my server then simulates a post to the Authorize.NET server.

 

If I store the credit card number in my database, then I must be PCI compliant. But if I simply route it through my server this way, without storing it to permanent storage, then I want to make sure PCI compliance is not required.

 

Thanks.

Expert
Posts: 4,525
Registered: ‎03-08-2010

Re: Indirect Post using DPM and PCI Compliance

If you look at the documentation, they all (DPM, SIM, AIM) point to the same URL: https://secure.authorize.net/gateway/transact.dll or https://test.authorize.net/gateway/transact.dll.

The difference is how they work. Look at the "See how it works" pic on all three, and you will see.

 

If CC info is going to your server, it is AIM. It doesn't matter if you save it or not.

Michelle has a blog on it: PCI and You