topic Re: Customer Information Manager Question.... in Integration and Testing

Customer Information Manager Question....

endangeredsp — Mon, 26 Dec 2011 18:48:56 GMT

When using CIM, and we choose the option to store and reuse their credit card number/payment info they entered, do we have to grab it and populate it on the form, or is there a way (which is our first preference) to just pass something that will indicate that we want to use the credit card number on authorize.net servers but without having to see/touch it at all. (We don't want to have first retrieve the CC# and have it on our end and then resubmit it back.)

Is this possible?

Re: Customer Information Manager Question....

stymiee — Mon, 26 Dec 2011 19:49:39 GMT

That's exactly what CIM is for. You tell CIM which payment profile to use and it charges the credit card accordingly.

Re: Customer Information Manager Question....

TJPride — Mon, 26 Dec 2011 19:54:16 GMT

When you set up a CIM profile and billing profile, you get back profile ID's, which are what you use to charge transactions from then on. You do not get back the credit card info, in fact credit card info is impossible to retrieve short of submitting a ticket to Authorize.net through your account interface and asking them to export you a file manually. The most you can access through the CIM API is the last 4 digits - the rest is masked for obvious security reasons.

If you're using CIM, you'll have a user account for each person in your database, and you'll store their profile ID and billing profile ID(s) in your database. If a payment comes due, you just generate a charge against those ID's and you're good to go - assuming the credit card is still active and has sufficient balance. If you want to validate the credit card info ahead of the first charge, there's something called validation mode, which amounts to Authorize.net internally charging for $0.01 or $0.00 and then immediately voiding so as to verify that the credit card works. This does generate a transaction fee, of course.

Re: Customer Information Manager Question....

endangeredsp — Mon, 30 Jan 2012 17:34:53 GMT

Thanks for your quick reply!

Another question: Why do we need to store two IDs? You mentioned profile ID and billing ID. I'm a correct in my understanding that Profile ID would be for each customer? Why would Billing ID also be needed? Does this mean they can store more than one Credit Card?

Re: Customer Information Manager Question....

endangeredsp — Mon, 30 Jan 2012 17:38:14 GMT

Also, apologies if all of this is documented somewhere. If it is, can someone direct me to the document so that I can get started with my understanding on how to begin implenting this option?

Re: Customer Information Manager Question....

TJPride — Mon, 30 Jan 2012 23:03:39 GMT

They can store more than one billing method, which would include multiple credit cards as well as eCheck and bank accounts if your merchant supports those.

Re: Customer Information Manager Question....

endangeredsp — Tue, 31 Jan 2012 19:55:21 GMT

Another question....

If we do give a customer an option to store more than one credit card, will you be able to push back to us an indicator of which billing ID is for which Credit card? (I.e. the last four digits of the credit card so they'll know which billing ID they'll want to choose to use?) My company is in a discussion of giving the user the option to select (from maybe a pulldown) what credit card/billing ID they'd like to use, and I imagine the customer won't recognize the billing ID when they are selecting from the pulldown.

Re: Customer Information Manager Question....

TJPride — Tue, 31 Jan 2012 20:48:38 GMT

getCustomerPaymentProfile()

Sample XML dump of output:

<?xml version="1.0" encoding="utf-8"?> 
<getCustomerPaymentProfileResponse 
xmlns="AnetApi/xml/v1/schema/AnetApiSchema.xsd"> 
  <messages> 
    <resultCode>Ok</resultCode> 
    <message> 
      <code>I00001</code> 
      <text>Successful.</text> 
    </message> 
  </messages> 
  <paymentProfile> 
    <billTo> 
      <firstName>John</firstName> 
      <lastName>Doe</lastName> 
      <company></company> 
      <address>123 Main St.</address> 
      <city>Bellevue</city> 
      <state>WA</state> 
      <zip>98004</zip> 
      <country>USA</country> 
      <phoneNumber>000-000-0000</phoneNumber> 
      <faxNumber></faxNumber> 
    </billTo> 
    <customerPaymentProfileId>20000</customerPaymentProfileId> 
    <payment> 
      <creditCard> 
        <cardNumber>XXXX1111</cardNumber> 
        <expirationDate>XXXX</expirationDate> 
      </creditCard> 
    </payment> 
  </paymentProfile> 
</getCustomerPaymentProfileResponse>

As you can see, it will return the payment type and all non-protected data. For instance, the card number is masked but you do get back the last 4 digits, which you could then display for your customer in a pull-down for him to choose from.

Re: Customer Information Manager Question....

endangeredsp — Wed, 08 Feb 2012 15:24:08 GMT

Why is the expiration date value xx'ed out? We were wondering if we'll be able to see this as well when it's pushed back? (To store on our end with the last 4 digits and use to determine if we'll hide the credit card/billing ID option if expiration date has expired.)

Re: Customer Information Manager Question....

TJPride — Wed, 08 Feb 2012 18:19:08 GMT

If you're storing credit card data on your own server, then you may as well ignore CIM entirely, since AIM is easier to implement if you have the credit card data available all the time. However, this is generally considered very bad practice, since it forces you to implement the highest levels of security.

Short version - the entire point of CIM is to avoid ever having to store credit card data on your computer / hosting. Hosted CIM even avoids the credit card data being transferred through your computer / hosting.

Re: Customer Information Manager Question....

endangeredsp — Wed, 08 Feb 2012 18:23:15 GMT

We will definietely be using CIM, but want to allow the user the option of selecting which credit card they want to use. We thought we'd also hide credit cards they'd possibly select (from a pulldown with the last 4 digits) with an expiration date. We could also, just flag the credit card on our server as expired if the transaction gets rejected. (We just wanted to know what options we have.)

Re: Customer Information Manager Question....

TJPride — Wed, 08 Feb 2012 23:52:48 GMT

Just sort them by the order that they were last updated (this would be something you'd store on your end...) There isn't any mechanism for identifying expired cards, sadly, short of running a transaction against them.