We currently implement SIM method. We want to switch to AIM method for the following two reasons:
1) To reduce the number of transaction errors. One of the errors we have been receiving quite a few times is the script time out error. My assumption is that with the AIM method the transaction errors are reduced.
2) To make it so that we can display the error in the checkout form such as wrong credit card number, avs mismatch etc. Currently when an error occurs the receipt page is shown with an error and the button "Re-Checkout" should be clicked in order to again re enter all credit card information by the user. We want to make it so that only required invalid fields need to be refilled when a checkout error occurs. Is this possible to achieve by still using SIM? With the SIM the result is posted using relay response url so i have not been able to find a way to show the error in the same checkout page and also with the form partially filled. With AIM this is straight forward since the request never leaves the system and it is simple post request to the web application.
Now, if the above two fixes are not possible with SIM method then we want to switch to AIM method but my supervisor is concerned about the risk involved in switching to this new method. Since with the AIM method, the system accepts the credit card information, the concern is whether we are adding more risks involved with processing credit cards.
1) If we implement the AIM method then are there any standards that we must follow in order to lessen the risk involved with credit cards? Please note that we donot save credit card information in our system and we use https channel for communication. User needs to have credit card information everytime the user checks out.
I appreciate any help in this dilemma. Thanks a lot!