One of the advantages of Authorize.net's CIM is that no PCI-DSS certification is necessary, as per their website & the aMember documentation. However, the plugin within aMember 'Use Hosted Version' option requires https. So a certificate is needed but not necessarily PCI-DSS compliance? Thanks for any provided explanation.
The answer is yes to both. You need SSL certificat and do not require PCI-DSS. Actually it is not same things at all. You do not need PCI-DSS because of in case of hosted version of integration with autorize.net CC info do not processed or stored on your server at all. Customer submit his CC info directly to authorize.net server and authorize.net handle it. In order to support such architecture iframe technique is used but modern browser do not allow to communicate site with iframe if your site is not https but site in iframe is https (authoreze.net should be served via https).