We’re not surprised that we get asked about Authorize.net for WordPress eCommerce frequently, as it provides a lot of flexibility in processing options and integrates easily with many merchant accounts. However, there are several options and we get this question a lot: “Which Authorize.net payment gateway version should I use?”
There are a lot of options (AIM, SIM, CIM, etc) and it’s tough to be sure which one is right for your store. PCI compliance is also a concern for some merchants, though Authorize.net does not require merchants to be PCI compliant (you simply get charged a monthly fee for non-compliance).
Here we’ll discuss what each version does, and we’ve got a chart at the end that shows which versions are available for each WordPress eCommerce plugin.
Which Authorize.net Version is for me?
There are four major versions of Authorize.net payment gateways available for purchase to integrate with your WordPress eCommerce store. So which Authorize.net plugin is right for you? Below is an overview of what each version does, and which are available for each eCommerce platform. Authorize.net also provides a comparison chart for most of these integration methods.
The only integration that is PCI compliant is the DPM version. The SIM implementation can be PCI compliant depending on how it’s implemented – if payments are routed through your servers and an SSL is needed, than it’s not. If payments are routed through Authorize.net and you have no need of an SSL certificate, then the integration you’re using is most likely PCI compliant – always ask the author if you’re not sure.
We’ve covered this a bit when we talked about WooCommerce Payment Gateways, but basically WordPress integrations cannot be totally compliant unless they (1) direct payment through the processor’s servers via a hosted or iframed page, or (2) tokenize information before posting it to your servers (as Braintree and Stripe can).
The AIM API provides the most common integration for Authorize.net. Typically, if the integration method is not specified, it’s using the AIM API. This version of the integration allows for the most seamless checkout, as it keeps customers on your site and supports mobile checkout, but therefore requires an SSL certificate to be used.
Some AIM implementations also support ARB (Automated recurring billing), which allows you to set up recurring transactions for an additional $10 per month. Customer payment information is saved on Authorize.net’s servers for security and you can manage these recurring payments from your Authorize.net control panel.
SIM is an older implementation for Authorize.net that typically allows you to accept payments via Authorize.net’s servers. Customers payment information is entered into a hosted form that sends payments through Authorize.net’s servers so that merchants typically do not need an SSL certificate.
SIM integrations also typically allow for Authorize.net emulation. Some payment processors, such as eProcessing network and Chase Paymentech, build systems that mimic how Authorize.net works so that adoption of their service is easier. Using Authorize.net SIM will typically allow you to enter a URL that your processor gives you so that you can use their processing rather than Authorize.net’s.
Note that you should check with the seller to see how the SIM integration works, as there are several ways of implementing it. For example, I know the WooCommerce version of SIM is included in the Authorize.net AIM extension and supports Authorize.net emulation, but does not route payments through Authorize.net’s servers. An SSL certificate is therefore required and it’s not a PCI compliant integration.
Authorize.net CIM is a $20 per month add-on service for your Authorize.net account that allows you to tokenize and store customer payment information on Authorize.net’s secure servers. This helps you to do a couple of different things. First, CIM helps to process payments for returning customers with saved cards, as cards are saved securely on Authorize.net’s servers for reuse and your store simply uses a ‘token’ tied to that card to process payments. This greatly reduces friction at checkout for your returning customers since they don’t have to continuously enter payment details.
CIM is also sometimes used for recurring transactions, as the tokenized information can securely be called upon for renewals. For example, WooCommerce Subscriptions integrates with CIM rather than ARB. This provides more flexibility in terms of payment intervals, as you’re not subject to the limits in billing periods and trials set by the ARB implementation (which usually require trials to be set using the same period as renewals – i.e., both in terms of months). Using CIM avoids this nuisance by allowing another plugin to set the transaction schedule.
The DPM integration of Authorize.net typically uses a hosted pay form that sends payment details directly to Authorize.net rather than routing them through your servers, which means that you don’t have to worry about security. SSL certificates are recommended, but not required, for this integration. The benefit to using this method is that customers appear to remain on your site for checkout, but payment details are not processed by your website’s servers.
Not sure which is available for your platform? Here’s a comparison spreadsheet of which versions are available and links to purchase if you need an integration.