Re: Authorize.net DPM (PA/DSS Compliant)
I think the concept behind this is the same as the Braintree Transparent Redirect:
The key thing isn't where the cc information is typed in; it's where and how information is sent. A customer's computer is completely outside of PCI scope, and they can type their cc numbers anywhere on their computer til the cows come home, with no problem. It's how and where the numbers are sent that makes the difference.
So they type it in their browser but instead of it being sent to your server, that information is sent directly to the gateway (Braintree / Authorize.net). Your hosting server never sees it.
X-Cart version 4.0.17
X-Cart version 4.0.18
Web servers = Apache
OS = Linux