I have read through the numerous posts regarding CIM/ARB but still am not sure which is the best approach for my customer. I guess I need an explanation broken down to 'entry level'. Please be patient.
We have set up one-time eCheck payments using SIM as we do not want responsibility to secure banking information on our servers. We now want to expand the service to provide the option of recurring payments.
Our 'vision' is a process where a customer can access a site; select a 'recurring' payment option; enter their banking information; have the first payment draft and a schedule set to automatically draft future payments without us having to retain the banking information. Ideally, no additional manual intervention would be necessary. We would, of course, provide the customer with the schedule of payments and the ability to authorize the schedule.
My customer brings up the CIM option. I'm sure this is because, similar to SIM, we would not have responsibility to secure banking information. I'm unsure, however, how the customer information is entered for CIM. Is there a hosted 'payment form' similar to SIM? Also, from what I've read, it appears CIM is designed to provide a returning user with their stored banking information so they won't have to re-key. We're definitely looking to automatically draft a bank account on an established schedule. It appears ARB will do this; however, it's still unclear where the sensitive banking information is retained.
Can someone outline the most streamlined and automated approach for us to achieve our 'vision'?
ARB has you collect the credit card data through your site, so that's out if you want something at the same PCI level as SIM. Same with regular CIM. Hosted CIM, however, will do what you need. The forms where people enter their sensitive data are hosted on Authorize.net and linked off your site usually using iframe popups. Only the profile IDs need to be stored on your end, so you can later process charges against them.
What programming language are you using?
Yes, Hosted CIM will do what you want.
The sensitive data is entered by the customer directly into a web form from Auth.Net. (Same as SIM.)
Your sw gets an id back that you can immediately and/or later use to make charge(s) against the payment info that was entered into the CIM system.
To get the "recurring" system to work, you will need to program your sw to periodically charge the appropriate customers the appropriate amounts using the CIM ids that you've stored. Writing such a program is very doable if you have the right skills.
It is not a trivial amount of work since you need to ensure no dup charges; enable account add/change/delete updates; track the customers' effective date (or re-bill everyone on the first of the month); track failed charges (happens when the payment info doesn't work), etc.
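An added sketch of the recurring job described in the reply above (not code from the thread or from Authorize.Net): the local database holds only the opaque profile ids, and a uniqueness constraint on subscription and billing period prevents duplicate charges when the job is re-run. The table and column names are assumptions, and `charge_profile` is a hypothetical wrapper around whichever gateway call charges a stored profile.

```python
import sqlite3

SCHEMA = """
CREATE TABLE subscriptions (
    id INTEGER PRIMARY KEY,
    customer_profile_id TEXT NOT NULL,  -- opaque id returned by hosted CIM
    payment_profile_id  TEXT NOT NULL,  -- no account or routing numbers stored
    amount_cents INTEGER NOT NULL,
    bill_day INTEGER NOT NULL CHECK (bill_day BETWEEN 1 AND 28),
    start_date TEXT NOT NULL,           -- effective date, ISO 'YYYY-MM-DD'
    active INTEGER NOT NULL DEFAULT 1
);
CREATE TABLE charges (
    subscription_id INTEGER NOT NULL,
    period TEXT NOT NULL,               -- 'YYYY-MM'
    status TEXT NOT NULL,               -- pending | paid | failed
    detail TEXT,
    UNIQUE (subscription_id, period)    -- at most one attempt per period
);
"""

def run_billing(db, today, charge_profile):
    """Charge each active subscription that is due this month.
    charge_profile(customer_id, payment_id, amount_cents, ref) is a
    hypothetical gateway wrapper returning (ok, detail)."""
    period = today.strftime("%Y-%m")
    due = db.execute(
        "SELECT id, customer_profile_id, payment_profile_id, amount_cents "
        "FROM subscriptions WHERE active = 1 AND bill_day <= ? "
        "AND start_date <= ? ORDER BY id",
        (today.day, today.isoformat())).fetchall()
    results = {}
    for sub_id, cust, pay, amount in due:
        try:
            # Claim the period before calling the gateway, so a re-run or a
            # concurrent run hits the UNIQUE constraint instead of charging.
            with db:
                db.execute("INSERT INTO charges VALUES (?, ?, 'pending', NULL)",
                           (sub_id, period))
        except sqlite3.IntegrityError:
            results[sub_id] = "skipped"
            continue
        ok, detail = charge_profile(cust, pay, amount, f"{sub_id}-{period}")
        results[sub_id] = "paid" if ok else "failed"
        with db:
            db.execute("UPDATE charges SET status = ?, detail = ? WHERE "
                       "subscription_id = ? AND period = ?",
                       (results[sub_id], detail, sub_id, period))
    return results
```

A row left in `pending` means the gateway call did not return, so it needs reconciliation against the gateway's records before any retry. Retrying `failed` rows is a separate policy that this sketch leaves out.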