I am writing this hear as I am not sure where else to write it.
My problem is the following:
I have instances, when attempting a charge via the Customer Information API, where I receive a "Communication Error". Each time this happens something different happens on the Merchant Provider end. Sometimes, this puts a hold on the card, which then drops off at later date. Sometimes it doesn't put anything on the card. Other times it actually charges the card for the amount attempted. So any time I have a Communication Error I'm forced to call the Merchant Provider to find out if the charge actually happened or not.
FYI, A Communication Error gives the following error message:
"Communication Error (Processor error - Timed out while waiting for a response from processor for authorization. If these errors persist, contact merchant service provider.)"
This doesn't happen often, nor with any regularity, sometimes I go a week or two with none. Last week it happened 7-8 times.
The problem is I cannot get a resolution to this issue. I call the Merchant Provider, they say it isn't their problem call your gateway provider. I call Authorize.net and you say it isn't your problem, call the Merchant Provider.
From my point of view this is an Authorize.net problem. It would seem to me that Authorize.net should be prepared to handle things like this. If a Communication Error occurs THE CARD SHOULD NOT BE CHARGED!
I am writing this here because I have not been able to get any type of resolution to this matter. It is unacceptable, that charges may, or may not be charged, or it may, or may not put a hold on the card.
I have not attempted this in the sandbox, since it so rarely occurs I didn't think of trying to do it there.
I contacted customer support 4 days ago, was told they were going to research the issue and that they would get back to me. No one's called me or emailed me since.
I've also started getting this error.
I believe it is because my server no longer allows SHA-1 certificates, and eprocessingnetwork.com is still using the deprecated certificates.
I called support, but they didn't know the different between SHA-1 and SHA-2 and directed me to their IT administrator who is on vacation.
I am correct in thinking that no one should be using SHA-1 any more, right? It is now disabled by default in openssl/apache2. I'll have to see if I can enable it for the one site, but it seems like that might violate the PCI compliance by knowingly enabling insecure protocols...
Is there anything else I can do (other than switch service providers)?