Looking for advice on the best approach to integrate Authorize.net into a web site that does automated monthly billing, but not a true subscription system. The system we have in place is that the customer signs up with a credit card and then, based on their monthly usage, they're billed accordingly. We also cover the case of a client that gets in debt: we provide a one-off pay feature to allow them to catch up. Finally, we cover the one-off refund case. In none of these 3 scenarios do we make the customer re-enter their credit card information, but in the two one-off cases they can select from saved card entries. In the monthly billing case a customer may get billed $60, the next $40 and the next 2 months nothing, so it's not a true subscription.
Our company wishes to become PCI compliant, or as compliant as possible. We currently use ARB and store credit card information, but wish to get away from keeping CC information locally. We still need to control the credit data entry process, as we need to track a primary card vs. the one-off use cards for catch-up payments.
My question is what's the best integration method? We believe we need CIM for the credit card entry, with us just storing card user name and last 4 digits to allow the user to select the relevant card, but the charge mechanism is unclear. We don't want the user to ever have to enter the card information again, but instead rely on stored information. Would this best be served by AIM, SIM, DPM or do we have to stick with ARB? I believe ARB requires full CC information which would seem to mean it's out. Can anyone advise?
With CIM, you use the customer profile and their payment profile ID to create a transaction.
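The flow described in the answer, sketched as an added example (not code from the original posts or from Authorize.net): the local record keeps only the CIM profile IDs, cardholder name and last 4 digits, and each variable monthly or catch-up charge is a `createTransactionRequest` that references the stored profile instead of card data. `SavedCard`, `pick_card` and `build_charge_request` are hypothetical names, the IDs used with them are constructed, and the request shape should be checked against the current Authorize.net API reference before use.

```python
import json
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class SavedCard:
    """Local record (hypothetical): CIM references plus display data, never the PAN."""
    customer_profile_id: str   # ID returned when the CIM customer profile was created
    payment_profile_id: str    # ID returned for each card stored under that profile
    cardholder_name: str
    last4: str
    is_primary: bool

    def __post_init__(self):
        # Refuse anything longer than the last 4 digits so a full card
        # number cannot end up in the local database by accident.
        if not (self.last4.isdigit() and len(self.last4) == 4):
            raise ValueError("store only the last 4 digits locally")

def pick_card(cards, payment_profile_id=None):
    """Monthly billing uses the primary card; a catch-up payment may name another saved card."""
    for card in cards:
        wanted = (card.payment_profile_id == payment_profile_id
                  if payment_profile_id else card.is_primary)
        if wanted:
            return card
    raise LookupError("no matching saved card")

def build_charge_request(api_login_id, transaction_key, card, amount):
    """Return the JSON body charging a stored payment profile, or None if nothing is owed."""
    amount = Decimal(str(amount)).quantize(Decimal("0.01"))
    if amount <= 0:
        return None  # usage-based billing: some months are $0, so send nothing
    # Dicts keep insertion order; the keys below follow the order of the API schema.
    return json.dumps({
        "createTransactionRequest": {
            "merchantAuthentication": {"name": api_login_id,
                                       "transactionKey": transaction_key},
            "transactionRequest": {
                "transactionType": "authCaptureTransaction",
                "amount": str(amount),
                "profile": {
                    "customerProfileId": card.customer_profile_id,
                    "paymentProfile": {"paymentProfileId": card.payment_profile_id},
                },
            },
        }
    })
```

The body would be POSTed over TLS to the gateway's API endpoint with credentials loaded from a secrets store rather than source code.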