- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Auth only transaction succeeds on expired credit card
I am having issue finding a good way to verify whether or not Credit Card is expired using Authorize.net payment gateway.
I used ValidateCustomerPaymentProfileRequest API as documented here - https://developer.authorize.net/api/reference/index.html#customer-profiles-validate-customer-payment... and this only validates the existence of payment profile i believe. Does not validate the credit card expiry.
I tried to do a Auth only transaction using CreateTransactionController as documented here - https://developer.authorize.net/api/reference/index.html#payment-transactions-authorize-a-credit-car.... AuthOnly transaction is allowed on a expired credit card as well, the transaction succeeds.
I also tried using GetCustomerPaymentProfileController as documented here https://developer.authorize.net/api/reference/index.html#customer-profiles-get-customer-payment-prof... to get the expiration date so i can manually verify but in response i get XXXX, mmdd isnt visible in the response.
This shouldnt be this complicated. Can someone point me to right direction ? I noticed while testing that expired credit card also succeeds and thats when i started testing with ValidateCustomerPaymentProfileRequest and GetCustomerPaymentProfileController to verify. Even the CreateTransactionController to create Auth only transaction succeeds which leaves me surprised.
I did file a support case and i was asked to post here
Here is a snippet of AuthOnly transaction i use
// Step 2: Create the transaction request for authOnly $transactionRequestType = new AnetAPI\TransactionRequestType(); $transactionRequestType->setTransactionType("authOnlyTransaction"); $transactionRequestType->setAmount("0.01"); // Small transaction amount // Associate the payment profile $paymentProfile = new AnetAPI\CustomerProfilePaymentType(); $paymentProfile->setCustomerProfileId($profile['customer_profile_id']); $paymentProfile->setPaymentProfile(new AnetAPI\PaymentProfileType()); $paymentProfile->getPaymentProfile()->setPaymentProfileId($profile['customer_payment_profile_id']); $transactionRequestType->setProfile($paymentProfile);
With this code, i would expect that AuthOnly transaction on expired credit card would fail. I see a success response and i see the transaction on the Authorize.net as well.
โ09-17-2024 10:57 AM