I wanted to use SIM as it appears it would relieve me of many cc security responsibilities.
However, it seems from reading through much of the community that in order to process the merchant's database immediately based upon transaction success/failure codes that AIM is the only practical solution.
I've read when AIM is implemented that customers never leave the merchant's website and therefore the website can be coded to immediately do anything based upon transaction return codes etc.
With SIM using Relay Response - your custom URL that receives results via HTTP POST - which BTW, only will work with a standard HTML form - no <form> tags like aspx - your URL and customer are rendered and redirected respectively at the Authnet server. Therefore, it seems that it would take a roundabout method like onload events etc. at the authnet server to have programmatic responses occur based on transaction results.
Can I get some verification or correction if I'm wrong of my above observation before I move forward?
Thanks,
Ben
12-09-2009 07:53 AM
Believe it or not your security responsibilities when using AIM are not tremendous at all. The biggest thing you'll need to be concerned with is making sure your payment page is secured using SSL. Naturally making sure your customers' credit card and personal information is secure is paramount to you and to them. You'll also need to make sure your server is secure but if you're using shared hosting that will fall on to the shoulders of your webhost and an email to them should be able to tell you if they are PCI DSS compliant. If they're not and don't plan to be then a new host would be required.
After that you'll only really need to be concerned with security if you plan on storing credit card information for later use. If you plan on processing the credit card immediately and then discarding the information you don't have anything to worry about as the information is gone when the transaction is complete. If you do plan on storing the information you should be using the CIM API as that handles the storing of the credit card information for you. That relieves you of the bulk of the PCI compliance issues that arise from storing credit card information.
If getting an SSL certificate or finding a PCI compliant host is not something you can, or want, to do then use SIM to process credit cards. Otherwise AIM is definitely something you can handle from a security point of view and would almost certainly be easier for you to use.
12-09-2009 08:15 AM
12-09-2009 09:25 AM
AIM makes that process very simple as the user is never leaving your site so updating your database is easy to do. SIM requires you passing data back and forth which is a more tedious way of accomplishing the same thing. Both will work, but AIM is easier.
12-09-2009 09:28 AM
01-11-2010 07:40 PM
Apologies for commenting on such an old thread but it exactly covers my problem - but it seems not to have yielded an answer? Did you get to the bottom of how to use SIM to trigger an event on the merchant side? I'm trying to read the post results of the receipt method to pick up the auth code to then initiate a db update and have also tried using the silent post url to do the same but neither 'feel' right and the receipt method I can't even get to work. I have waded through some excellent blogs from John Conde but I'm still stumped - did this thread ever bear fruit before I post a new one?
04-17-2013 01:10 AM
You need to use relay response. Look in the SIM documentation for the fields:
x_relay_response
x_relay_url
Then look in the DPM documentation in the coding sections towards the end (for instance, PHP) for good examples of how to set up a relay response page. DPM uses many of the same mechanisms and that guide is a lot clearer.
04-18-2013 09:13 AM
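An added example, not part of the original thread or of Authorize.Net's documentation: a relay response handler (the page behind `x_relay_url`) that authenticates the POST before touching the merchant database. It assumes the `x_MD5_Hash` fingerprint that SIM relay responses carried in this era, plus the standard `x_trans_id`, `x_amount`, `x_invoice_num` and `x_response_code` fields; the credentials, the `orders` dictionary standing in for the database, and the function names are hypothetical.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Assumed merchant settings (placeholders, not real credentials).
API_LOGIN_ID = "EXAMPLE_LOGIN"
MD5_HASH_VALUE = "example-hash-secret"


def expected_md5(trans_id, amount):
    """Legacy SIM response fingerprint: MD5(hash value + login ID + trans ID + amount)."""
    raw = MD5_HASH_VALUE + API_LOGIN_ID + trans_id + amount
    return hashlib.md5(raw.encode("utf-8")).hexdigest().upper()


def handle_relay_post(body, orders):
    """Process the form-encoded body POSTed to x_relay_url; return the action taken.

    `orders` is a hypothetical stand-in for the merchant database, keyed by invoice number.
    """
    fields = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    trans_id = fields.get("x_trans_id", "")
    amount = fields.get("x_amount", "")
    supplied = fields.get("x_MD5_Hash", "").upper()

    # The relay URL is reachable by anyone, so authenticate before acting.
    want = expected_md5(trans_id, amount)
    if not hmac.compare_digest(supplied.encode("utf-8"), want.encode("utf-8")):
        return "rejected: bad fingerprint"

    order = orders.get(fields.get("x_invoice_num", ""))
    if order is None:
        return "rejected: unknown order"
    if amount != order["amount"]:  # fingerprint covers the amount, not the order
        return "rejected: amount mismatch"
    if order["status"] != "pending":  # a repeated POST must not re-apply
        return "ignored: already processed"

    # x_response_code "1" means approved.
    order["status"] = "paid" if fields.get("x_response_code") == "1" else "declined"
    order["trans_id"] = trans_id
    return "updated: " + order["status"]


if __name__ == "__main__":
    # Constructed sample POST body, not captured traffic.
    db = {"INV-1001": {"amount": "19.99", "status": "pending"}}
    post = urlencode({"x_response_code": "1", "x_trans_id": "1234567890",
                      "x_amount": "19.99", "x_invoice_num": "INV-1001",
                      "x_MD5_Hash": expected_md5("1234567890", "19.99")})
    print(handle_relay_post(post, db), db)
```

The handler's return value is where the database update happens; the HTML the relay page sends back is what the gateway shows the customer, so it can be a minimal page that sends them back to the merchant site.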