(in response to Kai)

The ARB system is not an on demand system. If you want to know that a card validates as real and has enough funding to pay for your subscription, then you must run a manual AIM request using AUTH_ONLY for the amount you wish to charge. Then if this comes back successful, run your ARB request with the same data. The reason for this is that Authorize.net processes ARB requests in batch form.

The time at which Authorize.net processes your ARB requests may vary but it's usually been around 3:00AM for me. You can setup what is called the silent postback URL. This URL is a script that you write that lives on a server you control. When ARBs are processed in the wee hours of the morning, the result of each ARB is sent to your silent postback URL. The data sent to your script will indicate whether an ARB request was actually successful or not. If the ARB request was denied then you can take the appropriate actions to disable that member's account.

Probably the best idea is to do a full AUTH_CAPTURE request for the first subscription period and then setup an ARB with the same data to start on the next period. For example, charge the customer's card with AIM for the first month, and make an ARB request that starts next month. If you're doing a free trial period then the first part is free anyway, so it doesn't really matter, you can just use the regular ARB API.