topic Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction in Integration and Testing

Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transactions

sdwebguy — Fri, 06 Jan 2012 22:02:22 GMT

After a frustrating chat with Authorize live support, they directed me here. Hoping someone at Authorize can answer this.

Our application uses the CIM XML to manage customer and payment profiles, as well as issue charges, voids, and refunds against those profiles. When we want to add a card on file for one of our members, we call the createCustomerProfileRequest function, passing along <validationMode>none</validationMode> as required on page 21 of the CIM_XML_guide.pdf: "When you call createCustomerProfileRequest, then you must use a value of none (or leave the value blank) if the request does not include any payment profile information."

Once the customer profile has been added to CIM, we use the Authorize hosted CIM form to collect the cardholder data. We call getHostedProfilePageRequest to get the token, and use the token to forward to Authorize as specified in the docs. Note that there is no validationMode allowed in this request.

When the cardholder data is entered, there is an immediate ValidateCustomerPaymentProfile transaction issued against that CIM payment profile. We didnt ask it to do that, nor do we want it to do that (the point of my question here).

The question:

How do we turn off this validation? If we were not using the CIM hosted form, I assume we would call the createCustomerPaymentProfileRequest function, which does take the validationMode element. We are using the hosted CIM so we are not collecting any cardholder data on our servers at all.

I think the problem is the hosted form (which we have no control over) is submitting the validation request on its own.

Authorize folks -- how can we use the Hosted CIM solution and not run the validation transactions?

Your help is appreciated.

Tim

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

TJPride — Fri, 06 Jan 2012 23:30:12 GMT

I just looked through the documentation and did a bunch of searches and didn't turn up anything, this is the first time anyone has asked this particular question as far as I know. Guess we have to wait for a mod to weigh in.

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

Trevor — Mon, 09 Jan 2012 21:17:08 GMT

Currently, the validation mode cannot be modified when using the hosted CIM forms. We do appreciate the feedback and will keep it in mind for future updates, but I'm afraid that I can't offer an immediate resolution.

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

bizcatalyst — Wed, 11 Jan 2012 20:43:50 GMT

Dear Authorize.net,

Please provide some workaround for this issue, it is causing several customers (at az.naturesgardendelivered.com) to not be able to enter their card info because their banks deny transactions under $1 for security reasons (like Paypal does, if I remember correctly). I was happy to use the hosted CIM solution to keep out of the PCI envelope but if the customers cannot use it then we'll need to do something else (and maybe somewhere else).

Regards,

Robert

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

bizcatalyst — Wed, 11 Jan 2012 20:45:15 GMT

Why is this thread marked as solved? It is clearly not solved.

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

RaynorC1emen7 — Wed, 11 Jan 2012 20:57:39 GMT

It solved because the the person who started the thread got his or her answer that at this time, you can not override the validationMode.

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

sdwebguy — Wed, 11 Jan 2012 21:36:49 GMT

I agree that "Solved" is not the best choice of words. The issue is a major problem for us, but we have to file it under the "what can we do about it" category of Authorize issues.

I guess I should post a followup conversation I had with Authorize support about this -- if we would be charged fees for this forced validation call.

Hello, my name is Kristine H. How may I assist you today?

Tim Lux: I have a very specific question about Authorize.net CIM and our charged fees.

Kristine H: Sure, no problem.

Tim Lux: We use Authorize.net *hosted* CIM to collect cardholder data. When a card is saved to a customer profile in CIM using the *hosted* CIM, there is an automatic validateCustomerPaymentProfile call run which charges the card and immediately voids it.

Tim Lux: I asked on the developer forums if this could be turned off, and the answer was no, it cannot. The hosted CIM cannot turn off the validation. So my question is...

Tim Lux: When using AIM previously, when we received a new card from a member, we would charge an amount and immediatley void it, causing hundreds of dollars in extra processing fees. Are there ANY processing fees with the required validateCustomerPaymentProfile that the hosted CIM solution runs automatically?

Kristine H: Your not required to validate the card before its saved in CIM. Your developers would need to read through our CIM integration guide for the information on not sending that request. You will be charged processing fees for any transactions submitted, even the validation of the card before saved in CIM.

Kristine H: Here is the link to the CIM integration guides. You can provide this link to your developers.

The agent is sending you tohttp://developer.authorize.net/api/cim/.

Tim Lux: you are not listening to me

Tim Lux: Read this link

Tim Lux: http://community.developer.authorize.net/t5/Integration-and-Testing/Hosted-CIM-validationMode-set-to-none-and-automatic/td-p/21297

Tim Lux: when using the hosted CIM option Authorize.net provides, we have NO CONTROL OVER THE VALIDATION CALL. It just does it. So again, the question is... are we charged any fees for this forced validation?

Kristine H: You are not charged fees when it validates the profile.

Tim Lux: We are not charged fees when it validates the payment profile?

Kristine H: No you are not.

Tim Lux: OK I will pass that along to our accounting dept to verify in the next statement. Thanks for your time.

If it turns out we are charged fees, my management has already discussed possibilities of a lawsuit. Will let you know.

Tim

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

TJPride — Wed, 11 Jan 2012 21:49:12 GMT

The most you'll get out of that is your transaction fees back and perhaps (if you're very lucky) the cost of developing your web site to work with Authorize.net. Lawyer fees will eat that in the first week. Seems to me that bad press would have more of a point than a lawsuit.

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

RaynorC1emen7 — Wed, 11 Jan 2012 21:53:11 GMT

I think she got it wrong. That why most of the time they will said to go the forum for developer issue.

Not sure about the lawsuit, did you save the eula when you signup the CIM? It will be interested to see what in it. And I don't think it is a fee from authorize.net but a fee from the merchant bank.

If you are doing AIM before, why use the hosted CIM?

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

sdwebguy — Thu, 12 Jan 2012 17:18:36 GMT

We were using AIM before, however, so we can be fully PCI compliant on our end, we moved to hosted CIM. That gets us out of transmitting or collecting the cardholder data altogether. Our applications actually integrate with several other companies (Sage, Beanstream are a couple) that offer similiar solutions to Authorize's CIM.

I don't have any faith the rep I chatted with was correct about there not being any fees. That's one issue. The second is if there are fees, we are forced to encounter them based on how Authorize has (or has not) setup their CIM product.

Tim

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

TJPride — Thu, 12 Jan 2012 17:41:55 GMT

There are multiple validation modes if you're using regular CIM. testMode just does the surface validation and should be free. liveMode runs a credit card transaction and then voids it, so that would generate a transaction fee. Apparently, you're just stuck in liveMode using hosted CIM.

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

sdwebguy — Wed, 18 Jan 2012 18:02:59 GMT

Turns out what Kristine H told me in my chatr with Authorize was not true. No surprise.

It appears we ARE being charged 10 cents for each forced validateCustomerPaymentProfile call just because we use the hosted CIM solution.

Authorize -- this is now going to be a major issue. Who can we contact to discuss options? This isnt acceptable.

Tim

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

Michelle — Wed, 18 Jan 2012 22:37:12 GMT

Hey Tim and everyone,

I just wanted to confirm again for everyone, yes, you are charged a fee for validationMode if you choose to do the live validation. And yes, right now, there is no way to turn that off when using the hosted option for CIM. I apologize for any misinformation on the fee front.

Just so you know, we have passed this thread on to our development teams to let them know of the need to be able to turn off validationMode when using hosted CIM. So thanks for the feedback on that.

Again, I apologize for the confusion.

Thanks,

Michelle

Developer Community Manager

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

bizcatalyst — Fri, 03 Feb 2012 20:29:30 GMT

Thanks Michelle for mentioning that this feedback was passed to the dev team. Can you post their response please so your customers can get an idea of the status? Did they say something like, "Oh yeah, we didn't think of that before. We'll make that available in the next minor release which is currently scheduled for Feb 15th"? It would be nice to hear something like that, I'm helping 2 more businesses get setup with hosted CIM now so I'd really like to know.

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

larrykluger — Tue, 07 Feb 2012 15:22:50 GMT

Unfortunately, Auth.net tends not to give any guidance, road maps, etc on their development plans. It's just a black box (at best).

My guess is that they have a tiny development dept that spends too much time on maintenance and too little on new features. Combine that with a very long and tough testing cycle and the result is few and far between software updates from them.

Eg, has anyone ever seen a "release" summary from them? I only see the press releases.

Bottom line: don't count on the new feature appearing anytime soon.

Best results I've had have been from talking with the Auth.Net president at trade shows. He often shows up.

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

dtobey — Wed, 29 Feb 2012 02:25:00 GMT

+1 for fixing this in CIM Hosted as soon as possible.

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

levonn — Tue, 24 Apr 2012 06:18:45 GMT

Not sure if there was any solution to this, but we also REALLY need to have a way to control validation on the hosted profile page. I would prefer to have a way to pass something to GetHostedProfilePage through hostedProfileSettings and disable the validation. Unless if there is a strong reason behind the implementation, I think this is one of those things where every client should decide based on their business needs. In my case it's not acceptable to have one extra $0.00 voided charge on credit card statement as it's confusing for customers and where we all trying to do is to keep customers happy and not think about some mysterious $0.00 charge.

Autorize.Net guys ... Can you reveal the plans on this .. Is there anything on roadmap?

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

Michelle — Tue, 24 Apr 2012 19:20:34 GMT

Hey everyone,

Unfortunately, we can't really comment on exactly what will be released and when. But I can assure you that our dev teams are aware of this request, and we hope to get it resolved in an upcoming release.

Thanks,

Michelle

Developer Community Manager

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

paulchasnoff — Thu, 03 May 2012 14:32:59 GMT

After spending much time and $$$ to reprogram all our checkouts, our accounting people came to me after we went live asking about all the extra charges! Our developer found this thread. PLEASE FIX! And it would be appropriate to disclose and waive the extra charges until it is corrected!

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

phippster — Tue, 15 May 2012 00:12:06 GMT

This appears to also affect the iframe inclusion of CIM as well because essentially it's hosted (just in the iframe) as I just got an email from my "test" that a validation transaction had happened for $0.