[ic] Authorize.net & fallback to GPG?

Steve Graham icdev at mrlock.com
Mon Mar 31 10:50:09 EST 2008

>Has anyone come up with a satisfactory system for giving the user info
>on the result of their pre-auth, but preventing fraudsters from
>testing stolen cards?

The Authorize.net configuration will email the GPG'd credit card 
info, you can decide if you are going to just authorize, or capture 
each sale . The system I work with, just authorizes transactions, 
then posts for settlement upon shipment in the admin UI - this 
feature is built in since (5.4?).
The only drawback on authorizations: if the customer attempts to 
complete a sale and it takes 2-3 attempts, using incorrect billing 
address or zip, and they finally get it right on the 4th try - each 
attempt to validate the card locks up the funds for about 24 hours. 
So if they try to finish a sale for $100.00 ,4 times, they have 
reduced their available credit by $400.00 until the first three 
attempts clear - this doesn't happen often, but some people get a 
little irate about it.

I wrote some custom code which limits the number of times that they 
can attempt to test a credit card for valid billing address and zip 
code, then locks out further attempts, also added CVV test - this 
really put a damper on fraudulent activity, but doesn't stop it all.
We capture international cards without authorization, for later 
review - we have a really strict policy on international cards on 
unknown customers.

Once you dig into the processing of credit card/payment processes, 
can do just about anything you need.


More information about the interchange-users mailing list