Hopefully I will be brief, but not so brief to be useless.
I am switching our webstore over to to use authorize.net rather than handle our own credit card processing.
While I doubt I am going to get all of the flexibility I would like, not having to track my own PCI compliance will be well worth it, but I'm overwhelmed by the sheer number of choices and I cannot find out certain information about the "backend" of the credit card processing.
If I may, let me start with my details and then move onto my questions:
My questions are:
Solved! Go to Solution.
05-26-2011 04:11 PM
In order to minimize PCI compliance issues and have card numbers go directly to authorize.net, there are really 3 options. The first two are Server Integration Method (SIM) and Direct Post Method (DPM). Both SIM and DPM have very similar capabilities and are both designed for one time payments. When running a transaction using either of these methods, the Authorization is run immediately and cannot be modified later. It is only possible to capture that authorization for the same amount or less than was originally requested.
The other option that is availabie is to use the Customer Information Manager (CIM) with the newly available hosted forms. CIM allows you to tokenize the customer's payment information and then use that token to generate additional transactions at a later time. This would not allow you to modify the initial order, but it would allow you to create a second order if you needed to add more items.
The backend options are essentially the same regardless of what method you use. You will have access to the virtual terminal for keying in transactions and the same information will be available in the transaction history. The one difference is that if you use CIM, you will be able to lookup customer payment profiles and manually initiate charges against those profiles.
05-31-2011 02:46 PM
In order to minimize PCI compliance issues and have card numbers go directly to authorize.net, there are really 3 options. The first two are Server Integration Method (SIM) and Direct Post Method (DPM). Both SIM and DPM have very similar capabilities and are both designed for one time payments. When running a transaction using either of these methods, the Authorization is run immediately and cannot be modified later. It is only possible to capture that authorization for the same amount or less than was originally requested.
The other option that is availabie is to use the Customer Information Manager (CIM) with the newly available hosted forms. CIM allows you to tokenize the customer's payment information and then use that token to generate additional transactions at a later time. This would not allow you to modify the initial order, but it would allow you to create a second order if you needed to add more items.
The backend options are essentially the same regardless of what method you use. You will have access to the virtual terminal for keying in transactions and the same information will be available in the transaction history. The one difference is that if you use CIM, you will be able to lookup customer payment profiles and manually initiate charges against those profiles.
05-31-2011 02:46 PM
Thank you very much for the detailed and helpful reply!
Your answer confirms what I had figured to be true, but it is nice to hear confirmed.
At this point, I'll keep things simple and use CIM, though no doubt I will be adding that fairly soon.
I could not find any particular technical advantage over SIM vs DPM, so I've been looking at using DPM. (Other reading suggests that SIM isn't a good option for shared hosting plan since data passes 'through' servers that may not be fully DCI compliant. DPM seems to be a 'sure' thing since the post goes directly to authorize.net.)
Thanks for confirming that the back-end is the same regardless of SIM vs DPM so I won't be locking myself out of some needed feature by front-end choice.
06-01-2011 09:53 AM