
Auth only transaction succeeds on expired credit card

I am having an issue finding a good way to verify whether or not a credit card is expired using the Authorize.net payment gateway.

I used the ValidateCustomerPaymentProfileRequest API as documented here - https://developer.authorize.net/api/reference/index.html#customer-profiles-validate-customer-payment... and this only validates the existence of the payment profile, I believe. It does not validate the credit card expiry.

I tried to do an Auth only transaction using CreateTransactionController as documented here - https://developer.authorize.net/api/reference/index.html#payment-transactions-authorize-a-credit-car.... An AuthOnly transaction is allowed on an expired credit card as well; the transaction succeeds.

I also tried using GetCustomerPaymentProfileController as documented here https://developer.authorize.net/api/reference/index.html#customer-profiles-get-customer-payment-prof... to get the expiration date so I can manually verify, but in the response I get XXXX; mmdd isn't visible in the response.

This shouldn't be this complicated. Can someone point me in the right direction? I noticed while testing that an expired credit card also succeeds, and that's when I started testing with ValidateCustomerPaymentProfileRequest and GetCustomerPaymentProfileController to verify. Even using CreateTransactionController to create an Auth only transaction succeeds, which leaves me surprised.

I did file a support case and I was asked to post here.

Here is a snippet of the AuthOnly transaction I use:

 

    // AnetAPI is the SDK alias: use net\authorize\api\contract\v1 as AnetAPI;
    // $profile holds the stored customer_profile_id and customer_payment_profile_id.

    // Step 2: Create the transaction request for authOnly
    $transactionRequestType = new AnetAPI\TransactionRequestType();
    $transactionRequestType->setTransactionType("authOnlyTransaction");
    $transactionRequestType->setAmount("0.01");  // Small transaction amount

    // Associate the stored payment profile with the transaction
    $paymentProfile = new AnetAPI\CustomerProfilePaymentType();
    $paymentProfile->setCustomerProfileId($profile['customer_profile_id']);
    $paymentProfile->setPaymentProfile(new AnetAPI\PaymentProfileType());
    $paymentProfile->getPaymentProfile()->setPaymentProfileId($profile['customer_payment_profile_id']);
    $transactionRequestType->setProfile($paymentProfile);

With this code, I would expect that an AuthOnly transaction on an expired credit card would fail. I see a success response and I see the transaction on Authorize.net as well.

rockyr1
Member
0 REPLIES 0
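
Added example (not the poster's code and not from Authorize.net's samples): one way to do the manual expiry check the post describes, assuming the getCustomerPaymentProfile request's unmaskExpirationDate option is set and the date comes back as YYYY-MM. `classifyExpiration` and `fetchExpiration` are hypothetical helper names, the UTC cut-off is an assumption, and the sample values at the end are constructed.

```php
<?php
// Added example. fetchExpiration() needs the Authorize.Net PHP SDK autoloaded
// (vendor/autoload.php) before it is called; classifyExpiration() is plain PHP.
use net\authorize\api\contract\v1 as AnetAPI;
use net\authorize\api\controller as AnetController;
use net\authorize\api\constants\ANetEnvironment;

// Returns 'masked', 'malformed', 'expired' or 'valid'. A card is treated as
// usable through the last day of its expiry month (UTC is an assumption).
function classifyExpiration(string $value, ?DateTimeImmutable $now = null): string
{
    if (strcasecmp($value, 'XXXX') === 0) {
        return 'masked';      // the gateway returned the masked form
    }
    if (!preg_match('/^(\d{4})-(0[1-9]|1[0-2])$/', $value, $m)) {
        return 'malformed';   // not YYYY-MM: do not guess, flag for review
    }
    $utc = new DateTimeZone('UTC');
    $now = $now ?? new DateTimeImmutable('now', $utc);
    // First instant at which the card is no longer valid.
    $cutoff = (new DateTimeImmutable("$m[1]-$m[2]-01 00:00:00", $utc))->modify('+1 month');
    return $now >= $cutoff ? 'expired' : 'valid';
}

// Fetch the stored expiration date with unmasking requested.
function fetchExpiration(AnetAPI\MerchantAuthenticationType $auth,
                         string $customerProfileId, string $paymentProfileId): string
{
    $request = new AnetAPI\GetCustomerPaymentProfileRequest();
    $request->setMerchantAuthentication($auth);
    $request->setCustomerProfileId($customerProfileId);
    $request->setCustomerPaymentProfileId($paymentProfileId);
    $request->setUnmaskExpirationDate(true);   // without this the value is XXXX

    $controller = new AnetController\GetCustomerPaymentProfileController($request);
    $response = $controller->executeWithApiResponse(ANetEnvironment::SANDBOX);
    if ($response === null || $response->getMessages()->getResultCode() !== 'Ok') {
        throw new RuntimeException('getCustomerPaymentProfile failed');
    }
    return $response->getPaymentProfile()->getPayment()->getCreditCard()->getExpirationDate();
}

// Constructed sample values, evaluated against a fixed date so the run is repeatable.
$fixedNow = new DateTimeImmutable('2025-03-15', new DateTimeZone('UTC'));
foreach (['XXXX', '2025-03', '2025-02', '03/25'] as $sample) {
    echo $sample, ' => ', classifyExpiration($sample, $fixedNow), PHP_EOL;
}
```

Treating 'masked' and 'malformed' as distinct results keeps a profile whose date could not be read from being silently counted as valid.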
