[ic] Preventing duplicate real-time changes using PayFlo Pro

Kevin Walsh interchange-users@interchange.redhat.com
Thu May 23 10:15:00 2002 

> > > 
> > > Does anyone have experience preventing duplicate real-time changes using
> > > PayFlo Pro? Verisgn can enable duplicate charge prevention. Then you can
> > > pass a DSGUID parameter which should be set to something unique for the
> > > current transaction. It would seem reasonable to set DSGUIG to "<part
> > > card number>[subtotal noformat=1]<hour of day><date>".
> > >
> > Wouldn't the order number be unique enough for this purpose?
> > Can't Verisign be told to use the existing ORIGID parameter?
> >
> Yes. I did not know what ORIGID was.
> 
Neither do I, but I expect that it's some form of originator's
reference number for the order.

> > >
> > > Do I have to hack Payment/Signio.pm to add this parameter to my
> > > PayFlo Pro query string?
> > > 
> > You'd have to hack the payment module, yes.  I should think that
> > you'd just have to add the new key/value to the %query hash.
> > 
> > Would Verisign fall in a heap if the DSGUID key was set in the
> > standard module, regardless of whether or not the option was set?
> > If the value could be set as standard then this change could be
> > made in CVS.
> > 
> > Could you run a few tests and report back on this?
> >
> I can't test this because I already had VeriSign enable duplicate
> suppression on the accounts I have. I did find that the duplicate
> transaction was not suppressed and was actually transacted. The
> difference is the response string now contains a DUPLICATE key that will
> be set to 0 for non duplicate transactions and 1 for duplicate
> transactions.
> 
> I think it would be a good idea to do something like
> 	Signio.pm: 
> 	if ($decline) {
> 		...
> 	} else {
> 		mail to __ORDERS_TO__ "Possible dupliacte charge. check out
> $result{pop.order-id}" if $result{DUPLICATE}
> 		$result{ICSTATUS} = 'success';
>     	}
>
When a duplicate charge is detected and flagged, does it still
go through?  I mean, would the administrator have to act on the
"possible duplicate" email?  If not, then I would just log the
message and forget it.

As I understand it, when you get duplicate Signio charges, you
still only get one Interchange order.  To me, the fault with
this probably lies in the client software supplied by Verisign.
If we can work around it by passing another reference number to
the Verisign server then that's fine.

-- 
   _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
  _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
 _/ _/    _/          _/ _/     _/    _/  _/_/    kevin@cursor.biz
_/   _/  _/_/_/_/      _/    _/_/_/  _/    _/