Updated 2/13/2018 with new End of Life date (5/31/2018) and sandbox disablement (3/30/2018)
When using our Customer Profiles feature to securely store your customers’ payment information on our Authorize.Net servers, you have the choice to pass payment information directly to our servers, or to have your customers interact with one of our profile management forms hosted on our servers. These hosted profile management forms help to avoid your direct exposure to payment card data (such as card numbers) and help reduce PCI-DSS scope while still providing the best possible end-user experience.
If you’re already using this feature, you need to be aware that our “Hosted CIM” forms (the older versions of these forms) will be disabled on March 30, 2018. To assist developers, we will disable Hosted CIM forms on March 31, 2018.
These older “Hosted CIM” forms have been replaced by our “Accept Customer” forms, a fully mobile-optimized, hosted solution for capturing payment information, which enables developers to leverage our Customer Profiles API while helping to maintain a SAQ-A level PCI-DSS compliance. Switching to the new Accept Customer forms is as easy as changing a single URL in your application.
“How do I know if I’m using your older forms?”
Whether you’re using the older Hosted CIM forms or our newer Accept Customer forms, you’re obtaining a form token from our API, and then using an HTML form in the browser to submit that form token to a URL for the specific form you want to use. Looking at this URL, you can tell whether you’re using the old hosted CIM forms or the new Accept Customer forms.
In most cases, all you will need to do to use the Accept Customer forms instead is to change the address to which your form token is posted from the old CIM form addresses to the new Accept Customer addresses.