CVV filtering for creating profiles and transactions with CIM

Alb — Wed, 12 Nov 2014 14:26:26 GMT

Hello!

I’m investigating an opportunity to use Authorize.net CIM solution for developing an online payment option for an online store.

There are couple constraints:

I’m trying to avoid storing and passing credit card details through our network and systems.
Final total and even maximum possible total can not be defined when an online shopper places the order because of unknown live stock and substitutions (so pre-authorization solution wouldn’t work).

I’m trying to figure out if following approach might work:

1. From an online store system I’m creating CIM profiles for already existing online shoppers and all new accounts with createCustomerProfileRequest
2. Online shopper stores credit card details via configured Authorize.net hosted forms (from Checkout or Account management). hostedProfileValidationMode = LiveMode
3. I’m getting Payment profiles for the customer via getCustomerPaymentProfileRequest to ask the online shopper what is the preferred payment card and store the payment profile ID for the order.
4. After the order is processed at the fulfillment center and the final total is known I want to charge the online shopper with a request createCustomerProfileTransactionRequest and deliver the order in case of successful payment. The request should be initiated from my backend systems basing on an order status change.

There is one problem with the described approach I can not solve. I want to be sure that my online shopper owns the card. So I need to validate Card Code for cards which an online shopper stores via hosted forms. For this purpose I can configure CVV filtering like it’s described at Standard Transaction Security Settings.

But I will not know the Card Code at the step 4. And createCustomerProfileTransactionRequest description claims that it’s required if the CVV filtering is On.

I’ve been thinking about moving the filtering logic to my store back-end systems but I don’t know how to get the Card Code Response after it’s saved from the hosted form.

Could you please advice if there is a CVV filtering configuration allowing to check the Card code only for new cards?

If I configured the filtering to void transactions for responses 'N = The Card Code does not match' and forwarded an empty (or NULL?) Card Code at createCustomerProfileTransactionRequest will I get some error like for mandatory field missing "E00041 One or more fields must contain a value"?

Re: CVV filtering for creating profiles and transactions with CIM

RichardH — Fri, 14 Nov 2014 17:23:57 GMT

Hello @Alb

The cardCode (CVV) is used only for the LiveMode validation and is not stored in the customer profile.

Richard

topic Re: CVV filtering for creating profiles and transactions with CIM in Integration and Testing

CVV filtering for creating profiles and transactions with CIM

Re: CVV filtering for creating profiles and transactions with CIM