If I use the DPM API, but instead of posting back directly to the Authorize.NET server, I post back to my own server and then relay the post to the Authorize.NET server, is this breaking PCI compliance?
Note that I'm not storing the info anyway. I'm just posting it behind the scenes to prevent the user's browser from bouncing around.
Thanks for the reply but I'm a little unsure about your response.
I am using the DPM API. But the intent of that API is that the page is posted directly to the Authorize.NET server.
What I'm doing instead is using AJAX to post it back to my own server, and my server then simulates a post to the Authorize.NET server.
If I store the credit card number in my database, then I must be PCI compliant. But if I simply route it through my server this way, without storing it to permanent storage, then I want to make sure PCI compliance is not required.
The difference is how they work. Look at the "See how it works" pic on all three, and you will see.
If CC info is going to your server, it is AIM. Doesn't matter if you save it or not.
Michelle has a blog on it: PCI and You