[ic] Authorize.net & fallback to GPG?
Steve Graham
icdev at mrlock.com
Mon Mar 31 10:50:09 EST 2008
>
>Has anyone come up with a satisfactory system for giving the user info
>on the result of their pre-auth, but preventing fraudsters from
>testing stolen cards?
The Authorize.net configuration will email the GPG'd credit card
info, you can decide if you are going to just authorize, or capture
each sale . The system I work with, just authorizes transactions,
then posts for settlement upon shipment in the admin UI - this
feature is built in since (5.4?).
The only drawback on authorizations: if the customer attempts to
complete a sale and it takes 2-3 attempts, using incorrect billing
address or zip, and they finally get it right on the 4th try - each
attempt to validate the card locks up the funds for about 24 hours.
So if they try to finish a sale for $100.00 ,4 times, they have
reduced their available credit by $400.00 until the first three
attempts clear - this doesn't happen often, but some people get a
little irate about it.
I wrote some custom code which limits the number of times that they
can attempt to test a credit card for valid billing address and zip
code, then locks out further attempts, also added CVV test - this
really put a damper on fraudulent activity, but doesn't stop it all.
We capture international cards without authorization, for later
review - we have a really strict policy on international cards on
unknown customers.
Once you dig into the processing of credit card/payment processes,
can do just about anything you need.
Steve
More information about the interchange-users
mailing list