@TJPride, your info on DPM is out of date.
DPM or CIM are the ways to go since it gives you all three of your requirements.
It is NOT true that DBM collects credit card data on your site. What happens is that your site provides the "please enter your credit card number" page to the customer's browser. BUT, the page's post url is to Auth.net servers. This means that the card data is never sent to your site, not even for an instant.
Picture of the data flow from the DPM docs

AIM, on the other hand, sends the card data back to your server. Your server then "turns around" and sends the card data onward to Auth.net. Essentially, your server acts as a proxy to the Auth.net servers. Even if you never store the card data in a database, the card data is still present on your server. This means, according to current PCI, that your server is in the PCI envelope.
(It used to be that if your server merely transited the data--using AIM or equivalents from other gateways--that your server was not covered by PCI. But that is NO LONGER the case! PCI folks are not dumb, they realize that if your system is compromised, the card data could be intercepted.)
There are still lots of people laboring under the impression that if they use AIM, their server is not covered by PCI. They are all wrong.
An alternative is to use CIM--but only if you use the new CIM option of "Hosted CIM" See page 8 of the doc
Use CIM if you want to store the customer's credit card so they don't have to re-enter it the next time they want to purchase something. I use CIM for re-billing my customers monthly. -- I can't use ARB since the billed amounts vary.