I have implemented the DPM using PHP, and everything seems to be working well in test mode.
However, I think I just realized a major shortcoming of this approach, so I wanted to see if someone could verify that I am right.
The problem I see is that when there is a problem with the user's submission (mistyped card number, for example), there is no way to repopulate the checkout form with the values the user entered the first time so that they can merely correct the problem rather than completely reentering the data. With the card processing being done totally on the merchant server or totally on the authorize.net server, this is a simple task of populating the default form field values with the post data, but this data is lost in the process of making the round trip between the merchant server and the authorize.net server. Is there a way around this while still avoiding the need for full PCI compliance?