I have a custom shopping cart on my site and want to keep the customer there during the checkout process. I looked at using AIM, but realized that if I processed the CC data using a script on my server and then sent the data to Anet, that my PCI scope in increased. Then, I read about using DPM to submit my payment form directly to Anet's servers. Am I correct in thinking this is the easiest way to go? Is it really as simple as setting my FORM ACTION to post to a URL with Anet???
When using DPM, is there a "response" code that will be sent back to a URL on my server telling the buyer the status of the transaction? Accepted, declined, processing errors, etc.???
DPM is certainly an option to reduce your PCI scope. With DPM, while the browser is waiting for a response after submitting the form, the results are given to you in an HTTP form POST to your server. Your server then replies to that post with values that Authorize.Net uses to generate a redirect page to serve back to the browser.
I'd like to point out another option, though, that might work better. For anyone considering DPM, we encourage you to look at our new Accept.js solution instead. It's a little more flexible, and you can implement it without this postback and browser redirect.
Details are in the Accept.js documentation, but if anything is unclear, please let us know!