topic Re: CIM API Credit Card Expiration Dates in Integration and Testing

CIM API Credit Card Expiration Dates

hawc2k — Tue, 22 Feb 2011 11:35:24 GMT

Hello,

I'm trying to implement a credit card expiration email notice solution to customers stored in CIM. Initially, we thought that the expiration date was not allowed to be stored even if we are not storing the PAN, so we never stored it. I've since found that the expiration date can be stored.

I've done some tests using the CIM API and the credit card expiration date comes back masked. But, when I use the Authorize.net merchant portal to view the CIM profile, the CC expiration date it is not masked. Two questions:

1. Why is the expiration date vieable in the merchnat portal but not via the API?

2. Is there any way to get the expiration date via the CIM API so that I can send an email to CCs expiring in the near future?

Thanks!

Re: CIM API Credit Card Expiration Dates

Elaine — Wed, 23 Feb 2011 21:14:08 GMT

1. This was done for security purposes. We never return the expiration date in any other format other than masked in a response via API.

2. I am not aware of any plans of allowing the retrieval of expiration dates via API for the same security reason.

Thank you,

Elaine

Re: CIM API Credit Card Expiration Dates

hawc2k — Wed, 23 Feb 2011 21:48:35 GMT

Thanks for the reply Elaine! Hmm... this will be an issue as it will be difficult to automatically email members when their CC are about to expire. Any suggestions on how we could automate this in some way? Is there a way to retrive this from the ARB API? It is the ARBs that we have setup that need this currently. The only notification we recieve currently for ARBs with expiring credit cards is an email notification. Has anyone else had this issue and found a solution that works?

Thanks!

Re: CIM API Credit Card Expiration Dates

stymiee — Thu, 24 Feb 2011 14:53:04 GMT

This blog post may be helpful to you

Re: CIM API Credit Card Expiration Dates

hawc2k — Fri, 25 Feb 2011 14:27:21 GMT

Hey Stymiee,

That is a good idea but I'm still stuck with the current records where we did not store the expiration date or CC notification date. Any ideas how to send notifications for the current records where all we have is an email notification? Anybody know why the CC expiration notices are only sent via email? Why aren't they part of the silent posts? Thanks!

Re: CIM API Credit Card Expiration Dates

mfredin — Wed, 29 Jun 2011 21:02:44 GMT

I'd like to know the answer to this too. There is no way to get the expiration dates unless you record them in your own system (or a court ordered subpoena), which up until now I haven't done since we were manually taking care of all the failed transactions. Now I'm using silent post and I need to automate the expired accounts and there really is no way to do it besides setting up a script to parse through the emails.

There is all this protection and safe guarding of data by hiding the expiration dates of credit cards within the authorize.net system, yet to notify us of important things like expired cards they use unsecured email containing a lot of customer data. Name, phone number, address, email, etc etc. If someone got a hold of these emails it would be pretty easy scam... just call my customers up claiming to be from my company and ask them for their updated card info since their old card has expired. All the info they need is right there in an email.

Frustrating.

Re: CIM API Credit Card Expiration Dates

hawc2k — Wed, 29 Jun 2011 21:14:14 GMT

Hey Mfredin,

I think I may have a solution but I have not been able to test it yet. What may work is to run a test authorization on a CIM profile on or around the first of the month. If the test authorization fails, then an email can be generated based on the test response. This would require the CIM service to work. For ARB only subscriptions I'm still looking for a solution.

Has anyone tried using the CIM test authorization option to send credit card expiration notices prior to expiration? Any ideas on how to do the same for ARB subscriptions where the CC expiration is not stored locally? Thanks!

Re: CIM API Credit Card Expiration Dates

hawc2k — Fri, 22 Feb 2013 17:18:23 GMT

So it's been almost 2 years and there apparently is still no functionality within Authorize.net to help facilitate expired credit card notifictions. Authorize.net has stated that they added it to a feature request list but it's clearly not a high priority. Competing payment gateway providers do provide this information for tokenized and/or recurring billing profiles so it's frustrating that Authoize.net has not added this functionality. I can verify that this has, in part, caused two top merchant to move away from Authorize.net.

Another ongoing short coming is that there is no way to connect a CIM profile with a ARB profile. I understand that CIM can and was initially designed to be used to process recurring payments from a client side application but the burden to process the recurring payment requires additional programming or third party tools on the customers side. Having the option to connect and update the ARB profile from a CIM profile would allow developers to use the CIM service as a central payment profile in conjunction with the ARB service. If the reporting to request credit card expiration status or upcoming expiration status was available, it could be used to update both the CIM and ARB.

PCI compliance should allow Authorize.net to return an unmasked expiration date as long as the PAN is not provided. It's frustrating that this is nopt an option. There is an option to download a full tab delimited file of the CIM profiles but it too masks the expiration dates so there is no way to integrate this with a back-end notification system.

Does Authorize.net actually have plans to add additional credit card expiration functinality to the APIs or is it really not considered an important feature and will never be implemented?

Re: CIM API Credit Card Expiration Dates

kmueller — Thu, 05 Sep 2013 15:33:23 GMT

Hi All, I was searching through Google to see if Authorize.net had implemented any kind of solution for the exipration date problem yet. Looks like they haven't.

Anyway, here's the unsightly/inconvenient way we've worked around the problem. When a new customer signs up with us, a human being goes into the customer profile and puts the expiration date of the card into the "Country" field of the customer profile. We don't use the country field for anything so it serves as an acceptable place to keep this information.

It's ugly and it's inconvenient, but it at least allows us to email customers who's cards are about to expire.

Hoping for the day Authorize.net implements a solution for this like the other processors have,

Ken

Re: CIM API Credit Card Expiration Dates

hawc2k — Thu, 05 Sep 2013 22:18:04 GMT

Hey kmueller,

Intresting work-around or hack that might be useful in the future. You could potentially do this via the API and using some user defined field. I wonder if this would violate Authorize.net's terms but they clearly are not taking this lack of functionality seriously at this point so I'd try it.

Auth.net has lost a high quantity, top merchant partly due to this issue so they are loosing money and don't seem to care. I know this functionalty is availble in the services of the parent company Cybertrust so maybe they use it as an upgrade teaser but it is ridiculous that this is not avaible in Auth.net. The wait continues for Auth.net to improve their services...

Re: CIM API Credit Card Expiration Dates

RichardH — Mon, 09 Sep 2013 15:48:47 GMT

I've noted your request to enhance our API to return the credit cart expiration date and forwarded it to our product management team for consideration in a future release. I would suggest subscribing to this topic to be notified if there are updates.

Richard

Re: CIM API Credit Card Expiration Dates

TJPride — Mon, 09 Sep 2013 20:49:57 GMT

One possible solution that wouldn't involve security issues might be to have an automatic email service from Authorize.net that sends out notifications to people whose credit cards are about to expire. Companies using Authorize.net would pay let's say 1 cent per email, and they'd be able to customize the email message to some extent.

For ARB, the people emailed would be whoever has a subscription extending past their expiration date.

For CIM, it's a bit more complicated - there would need to be a way to mark payment and/or customer profiles as to how long to notify for. That means some changes to the API, and obviously to Authorize.net's internal database. But this is a badly needed feature.

Re: CIM API Credit Card Expiration Dates

issueafterissue — Sat, 12 Oct 2013 20:14:35 GMT

It is not letting me subscribe to this so I am replying instead.

This is much needed functionality and I can't seem to find any clean workarounds either.

Re: CIM API Credit Card Expiration Dates

jlanawalt — Fri, 03 Jan 2014 23:47:30 GMT

I am happy to see the credit card expiration when I access the Manage payment and shipping page via redirect or lightbox popup of the Hosted Form portion of the CIM API. You can see an example of this on pages 87 and 93 of the October 2013 CIM_SOAP_guide.pdf. That form even goes as far as to let you edit just the expiration date of a saved card without hitting Edit to pull up the Edit Payment Inforamtion dialog where, for whatever reason, the expiration is masked.

Please continue to have the unmasked expiration date in the Manage Payment and Shipping page and stop masking it in the Edit Payment Information dialog and in the CIM CreditCardMaskedType. If the expiration is masked to let you test for a change, then feel free to add a second unmasked field that is ignored when UpdateCustomerProfile or UpdateCustomerPaymentProfile is called.

I look forward to hearing about this change happening.

Thank you,

Re: CIM API Credit Card Expiration Dates

teratask — Tue, 04 Nov 2014 05:42:13 GMT

I routinely get asked this question. A solution I have not seen discussed (I could have missed it) is an API call to get cards expiring within a given timeframe. By setting the timeframe to be a multiple of weeks (or even months if 1 is allowed as a value), then the data is not exposed, but the information needed -- namely, should I send an update reminder email? -- is provided.

The ability to update expiration dates on a Payment Profile and not be required to include the whole card number (could require just the last 4 for a bit of validation) is also big.

Re: CIM API Credit Card Expiration Dates

jlanawalt — Thu, 04 Jun 2015 16:40:23 GMT

Do you agree with most posters and CoryAuth that CIM's customer payment profile should return an unmasked expiration date? Follow this thread and go vote (kudo) his idea post:

UnMasked Expiration Date in Hosted CIM's getCustomerProfileRequest by CoryAuth on ‎01-23-2015 11:08 AM

Re: CIM API Credit Card Expiration Dates

satyarao78 — Fri, 11 Mar 2016 07:55:57 GMT

i want to get the credit card type and credit card exipry date from AUTHORIZE API.

example for credit card type is VISA,MASTER CARD.

is there a way that i can get these two details from authrize api.

Thanks

Satya