We are already integrated with Authorize.net AIM but would like to reduce PCI scope. We looked at the SIM integration method but were surprised that it's not responsive and honestly is not very attractive. Then we looked at the Accept.js solution but that solution (to our understanding) doesn't reduce our PCI scope as much as say a Stripe.js. We are currently looking at Spreedly but honestly that seems really strange that we'd have to resort to a separate company altogether. Am I just totally missing something?
As you've discovered, you can move to Accept.js and build your own form. We are working on solutions to replace SIM that will be both responsive and help meet PCI DSS SAQ A, but that will be coming in the next few weeks.
I would suggest having a conversation with your QSA or merchant account provider. These solutions help meet PCI DSS requirements but you'll need to discuss with an expert on what is best for your organization.
Here are two articles that discuss this specifically:
Here are some other resources that help clarify:
It is also important to note that both SAQ A and SAQ A-EP only apply to e-commerce transactions and do not apply to card-present situations (see that last article from the PCI Standards Council).
At this point, it appears that only the SIM hosted payment page can help you reach SAQ A compliance, so we all anxiously await the SIM replacement hosted page that will be responsive and mobile-friendly.
PS - I am not a PCI expert so it is advisable to do your own research. (That's my CYA, which is apparently the name of the game these days.)