Authorize.Net recently launched the Direct Post Method (DPM) which makes it faster than ever to take full control of the checkout process.
The Direct Post Method gives your merchants complete control over the pages related to the checkout experience. You can create your merchant's own checkout form and host it on their own server. If your merchant wants to add analytics to their page, they can. If they want to test different background colors, font sizes, live chat, or blinking text, go for it! You can design, tweak, and test your merchant's checkout forms as you would any other page on their site.
Sure, customizing checkout pages isn't a new phenomenon. But in the past, when a website hosted its own checkout form, it meant that the website would also be handling credit card numbers and other sensitive data. The Direct Post Method allows your merchants a fully customized checkout process without handling sensitive payment information. With DPM, all the user-facing content and forms are hosted on the merchant's site, and then you simply set the form to post to Authorize.Net's secure servers. Authorize.Net processes the sensitive cardholder data invisibly, and relieves some of the worries about security.
How it Works
Understanding how DPM works is very straightforward. Simply create a webpage with a credit card form, and post it to Authorize.Net's endpoint. Just add Authorize.Net's URL as the 'action' on the form, so
Just make sure the name of the input fields corresponds to the Authorize.Net API fields, (credit card number should be "x_card_num" for example). The full list of fields can be found in the Authorize.Net SIM Guide.
All of this happens behind the scenes. To the customer, the experience is seamless. All they do is click the "Submit" button on the checkout form, and the next page they see will be the merchant's own receipt page. As far as the customer is concerned, the domain name stays the same.
To summarize, the Direct Post Method offers a fully customizable checkout experience that's both easy to implement and secure.
I'm imagining you might have a couple questions right off the bat.
Q: "This sounds a lot like SIM. What's the difference?"
A: Yes, SIM is a great solution to reduce PCI compliance risk, but the default is for those pages to be hosted on Authorize.Net. With DPM, the merchant hosts the order page and receipt page every time, allowing for full customization. This modified payment integration method simply allows maximum flexibility while still reducing the PCI compliance burden of handling the customers' personal payment information.
Q: "Wait, what about security? I thought a form with sensitive information should be hosted on a secure site?"
A: Yes, it is recommended that the order and receipt pages are hosted on a secure server. Having the checkout and receipt pages hosted on a secure server provides the customer with peace of mind. While an SSL is not technically required for DPM, if your merchant wants their customers to see HTTPS in the browser, this means that the merchant will need an SSL certificate. If acquiring an SSL certificate and hosting pages over HTTPS is a blocking issue, you should consider SIM instead.
If you or your merchant need an even easier way to accept payments, there's the Simple Checkout Method. If you need a more advanced solution and are comfortable handling sensitive cardholder data, take a look at the Advanced Integration Method. If you want the best of both worlds, the Direct Post Method is for you.