cancel
Showing results for 
Search instead for 
Did you mean: 

SIM and Accept Hosted. Please explain how it works

Hello,

 

A few questions:

 

1. We are currently using Simple Checkout. Is there a way to get a header image there?

 

2. SIM and Accept Hosted method. I don't quite get it. Does it work in the same way as PayPal buttons, in that the actual processing of the payment is done thru authorize.net as opposed on your website, and you therefore don’t need to be PCI compliant?

 

What's the difference between SIM and Accept Hosted?

 

thanks

cwork
Member
2 REPLIES 2

Authorize.Net Accept Hosted is a mobile-optimized, PCI DSS SAQ-A compliant solution for accepting payments. Accept Hosted is a replacement for SIM with many advantages, including the freedom to accept payments while reducing PCI scope and development efforts.

 

More details on Accept Hosted at https://developer.authorize.net/api/reference/features/accept_hosted.html 

 

 





Send feedback at developer_feedback@authorize.net
Anurag
Moderator Moderator
Moderator

SIM was replaced by Accept Hosted. The difference (oversimplified):

 

Under PCI 3.2 SIM is SAQ A-EP because the browser is posting personal data to the payment form.

 

To load a SIM hosted form, your server created a time-based token that was embeded in the form along with the users personal data to be posted to the SIM form. This token was then embedded in the form by Authorize.NET to be posted with the payment. Upon payment completion, the payment URL posted the user back to your own website, thus completing the transaction based upon the post variables returned.

 

Under PCI 3.2 Accept Hosted is SAQ A because the browser is only posting a nonce token to the payment form.

 

To load an Accept Hosted form, you have to post user data from your server to Authorize.NET (CURL, WebRequest, OpenURI, cfhttp, etc.) to retrieve a nonce token. Drop this token in a form and post it (via User Interaction) to the Accept Hosted form. The form will validate the token and render the payment form with the user data you posted earlier from server to server. Upon payment completion, Authorize.NET will send you to their receipt. If you want to show your own custom receipt, you must embed the Accept Hosted form in an iframe, use the iframe communicator, and redirect the user to a receipt upon certain listening conditions.

 

 

I should add that SIM posts confirmation information back to your server via POST in the users browser. Accept Hosted relies on Silent Post or Webhook listeners.

NickL
Member