I just took a quick look at confirm.php in reference to the transaction key field:
<input id="x_login" name="x_login" type="hidden" value="<?php echo("".($WA_Authorize_Net_API_Credentials_Login_ID) .""); ?>" />
<input id="txnkey" name="txnkey" type="hidden" value="<?php echo("".($WA_Authorize_Net_API_Credentials_Transaction_Key) .""); ?>" />
<input id="x_fp_sequence" name="x_fp_sequence" type="hidden" value="<?php echo("".AuthNet_RandomID() .""); ?>" />
according to authorize.net, I'm seeing the following:
If you are using AIM, please make sure you are sending a valid Transaction Key along with your transaction request. The Transaction Key should be submitted using the field x_tran_key.
While I'm not so sure about the id="txnkey" part, am wondering if it should be "x_tran_key" instead.