What is Server Integration Method (SIM)?
SIM (Server Integration Method) is a means to call our secure payment form using scripting on your Web server. SIM is designed to increase transaction security by:
• Validating the source of a transaction;
• Preventing the alteration of the transaction amount;
• Preventing replay attacks; and
• Increasing the difficulty of validating script-generated credit card numbers with the browser "Back Button" scheme.
SIM works by having the merchant's site create a unique fingerprint for every transaction that is submitted to Authorize.Net using four pieces of data and a shared transaction key that is stored both in a secure location on the merchant's website, and inside the merchant's Authorize.Net account.
The site then sends the fingerprint, the four pieces of data and the rest of the transaction details to Authorize.Net. We will then attempt to recreate the fingerprint with the four pieces of data and the transaction key stored in the account.
If Authorize.Net is able to recreate the fingerprint, it allows the customer to access our payment form to submit the transaction. If the Authorize.Net system cannot create an identical fingerprint the transaction will be rejected.
You may find SIM sample scripts at http://developer.authorize.net/samplecode