cancel
Showing results for 
Search instead for 
Did you mean: 

AIM and ARB regarding PCI

Trying to get an understanding of the PCI scope I am putting myself in by integrating ARB, which as I understand, can only be truely integrated through AIM. It would seem that since the page where they will be created will need to post to my server first, then to Auth.net to create/update/delete ARB transactions as opposed to using Direct Post which gets posted straight to Auth.net.

 

Am I overthinking the risks invloved with fully integrating ARB with my site. I am trying to avoid using DPM to create the initial transaction, then manually going in and creating the subsctiption through the admin interface.

 

Thank you.

gazthrak
Member
1 REPLY 1

1)AIM and ARB are seperate API, you can use one without the other.

And yes both AIM and ARB will have the customer CC info on your server before send it to authorize.net

 

Read these 2 blogs on PCI

http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/PCI-and-You/ba-p/10628

 

http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/PCI-SSC-releases-E-comm...

Guidelines-Information-Supplement/ba-p/33104

RaynorC1emen7
Expert