> Because the credit card form isn't actually on your site and the data
> isn't processed by your site.
http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/Direct-Post-Method-DPM/bc-p/10804
That page says the opposite about the credit card form.
Quote:
How it Works
Understanding how DPM works is very straightforward. Simply create a webpage with a credit card form, and post it to Authorize.Net's endpoint. Just add Authorize.Net's URL as the 'action' on the form
|
Then in the comments it is stated that DPM "reduces scope of PA-DSS", but it doesn't take "out of scope".