[ic] Authorize.net & fallback to GPG?

Grant emailgrant at gmail.com
Mon Mar 31 20:14:03 EST 2008

>  >Has anyone come up with a satisfactory system for giving the user info
>  >on the result of their pre-auth, but preventing fraudsters from
>  >testing stolen cards?
>  The Authorize.net configuration will email the GPG'd credit card

Should I just write some ITL to email [value mv_credit_card_info] if I
don't get a valid response from Authorize.net?  That would be simple

>  info, you can decide if you are going to just authorize, or capture
>  each sale . The system I work with, just authorizes transactions,
>  then posts for settlement upon shipment in the admin UI - this
>  feature is built in since (5.4?).
>  The only drawback on authorizations: if the customer attempts to
>  complete a sale and it takes 2-3 attempts, using incorrect billing
>  address or zip, and they finally get it right on the 4th try - each
>  attempt to validate the card locks up the funds for about 24 hours.
>  So if they try to finish a sale for $100.00 ,4 times, they have
>  reduced their available credit by $400.00 until the first three
>  attempts clear - this doesn't happen often, but some people get a
>  little irate about it.
>  I wrote some custom code which limits the number of times that they
>  can attempt to test a credit card for valid billing address and zip
>  code, then locks out further attempts, also added CVV test - this
>  really put a damper on fraudulent activity, but doesn't stop it all.
>  We capture international cards without authorization, for later
>  review - we have a really strict policy on international cards on
>  unknown customers.

I like the idea of sending the payment info to Authorize.net without
any type of authorization.  Which charge type accomplishes that?

>  Once you dig into the processing of credit card/payment processes,
>  can do just about anything you need.
>  Steve

If sending the payment info to Authorize.net succeeds and I don't
email [value mv_credit_card_info], can that payment info be said to
never be stored on my machine?  I think it would only be in memory

- Grant

More information about the interchange-users mailing list