Authorize.net – Difference Between #SIM vs #AIM vs #CIM vs #DPM


The AIM module accepts the credit card info directly on your site and then passes it securely to the gateway in the background.

It has a tighter handshaking between your store and the gateway service than SIM, and typically has faster response times.

How Advanced Integration Method (AIM) work

How Advanced Integration Method (AIM) work

Advanced Integration Method (AIM)

Developer’s Checklist

Design and Build:

  • Cart Page
  • Payment Page
  • Thank You Page
  • Error Pages
  • Form Handler to Leverage SDK

 

AIM does not redirect the user to the Authorize.net site while SIM does

AIM requires that you have an SSL certificate while SIM does not

AIM allows for better site design than SIM

AIM is better for bigger sites while SIM is more appropriate for smaller sites

SIM – should only be used if your site doesn’t have any SSL support. Strongly recommended to use AIM instead.

AIM sends the card data back to your server. Your server then “turns around” and sends the card data onward to Auth.net. Essentially, your server acts as a proxy to the Auth.net servers. Even if you never store the card data in a database, the card data is still present on your server. This means, according to current PCI, that your server is in the PCI envelope. It used to be that if your server merely transited the data–using AIM or equivalents from other gateways–that your server was not covered  by PCI.  But that is NO LONGER the case! PCI folks are not dumb, they realize that if your system is compromised, the card data could be intercepted.)

There are still lots of people laboring under the impression that if they use AIM, their server is not covered by PCI. They are all wrong.

An alternative is to use CIM–but only if you use the new CIM option of “Hosted CIM”

Use CIM if you want to store the customer’s credit card so they don’t have to re-enter it the next time they want to purchase something. I use CIM for re-billing my customers monthly. — I can’t use ARB since the billed amounts vary.

SIM allows the credit card number to be passed on the Authorize.net site, the main site does not have to be as secure. When choosing to utilize AIM, you would need to ensure that your site is secure enough. Among other things, you need to have an SSL certificate, which identifies that the site is not a spoof.

Although SIM is rather great as it removes the complexity from your site, it does have its own drawback. Since the user is redirected to another site, there is some loss of continuity to the flow of the site. And despite the ability to configure the page, the user doesn’t have complete control of the page as it is located in the Authorize.net site. This may be enough to turn off some customers to the site and doubt its authenticity.

Both AIM and SIM works perfectly for online payments and it does not really matter much in the end. You can have either and still have a fully functional payment portal. But one can be better suited than the other for a specific site. For smaller sites, SIM is better as it can offload much of the security requirements off the site. For bigger sites, AIM is better as a higher level of security is already expected anyway.

Quick Links

Cyber security, also referred to as information technology security, focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.

Advertisements