Trying to get an understanding of the PCI scope I am putting myself in by integrating ARB, which, as I understand, can only be truly integrated through AIM. It would seem that since the page where they will be created will need to post to my server first, then to Auth.net to create/update/delete ARB transactions as opposed to using Direct Post which gets posted straight to Auth.net.
Am I overthinking the risks involved with fully integrating ARB with my site? I am trying to avoid using DPM to create the initial transaction, then manually going in and creating the subscription through the admin interface.
Thank you.
02-27-2013 12:12 PM
1) AIM and ARB are separate APIs, you can use one without the other.
And yes, both AIM and ARB will have the customer CC info on your server before sending it to authorize.net
Read these 2 blogs on PCI
http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/PCI-and-You/ba-p/10628
Guidelines-Information-Supplement/ba-p/33104
02-27-2013 04:17 PM