Direct Post is required for Aria clients who are not PCI (Payment Card Industry)-compliant and who collect credit card and Automated Clearing House (ACH-bank account) information from customers as part of the payment process. PCI compliance ensures that any system that accesses or stores payment data, such as credit card numbers or bank account numbers, is secure. Aria clients who build and host their own registration and user self‐service (USS) applications using Aria APIs must be concerned that any sensitive data entered by their customers is protected. Aria is certified as a PCI Level 1 Compliant system, indicating that Aria is recognized by the industry as a secure system for storing sensitive payment data.
Aria developed the Direct Post Payment Handler to secure those pages hosted by our clients, usually the "Form of Payment" page, that takes credit card and bank account numbers as inputs. Aria’s clients are able to host all pages in their Aria‐centered applications with full PCI security compliance because payment information is never seen, processed by, or stored on their systems. Credit card and bank account numbers entered on the "Form of Payment" page pass directly from the customer’s browser to Aria via encrypted post, without needing any pages hosted directly on Aria’s PCI compliant infrastructure.
You can create a Direct Post configuration set to define actions to be taken on an account when a customer performs payment-related transactions in your registration or USS application. This can be done in the Aria application or using the set_reg_uss_config_params_m API.