Trying to get an understanding of the PCI scope I am putting myself in by integrating ARB, which as I understand, can only be truely integrated through AIM. It would seem that since the page where they will be created will need to post to my server first, then to Auth.net to create/update/delete ARB transactions as opposed to using Direct Post which gets posted straight to Auth.net.
Am I overthinking the risks invloved with fully integrating ARB with my site. I am trying to avoid using DPM to create the initial transaction, then manually going in and creating the subsctiption through the admin interface.
Thank you.
โ02-27-2013 12:12 PM
1)AIM and ARB are seperate API, you can use one without the other.
And yes both AIM and ARB will have the customer CC info on your server before send it to authorize.net
Read these 2 blogs on PCI
http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/PCI-and-You/ba-p/10628
Guidelines-Information-Supplement/ba-p/33104
โ02-27-2013 04:17 PM