I'm trying to implement a credit card expiration email notice solution to customers stored in CIM. Initially, we thought that the expiration date was not allowed to be stored even if we are not storing the PAN, so we never stored it. I've since found that the expiration date can be stored.
I've done some tests using the CIM API and the credit card expiration date comes back masked. But, when I use the Authorize.net merchant portal to view the CIM profile, the CC expiration date it is not masked. Two questions:
1. Why is the expiration date vieable in the merchnat portal but not via the API?
2. Is there any way to get the expiration date via the CIM API so that I can send an email to CCs expiring in the near future?
I've noted your request to enhance our API to return the credit cart expiration date and forwarded it to our product management team for consideration in a future release. I would suggest subscribing to this topic to be notified if there are updates.
One possible solution that wouldn't involve security issues might be to have an automatic email service from Authorize.net that sends out notifications to people whose credit cards are about to expire. Companies using Authorize.net would pay let's say 1 cent per email, and they'd be able to customize the email message to some extent.
For ARB, the people emailed would be whoever has a subscription extending past their expiration date.
For CIM, it's a bit more complicated - there would need to be a way to mark payment and/or customer profiles as to how long to notify for. That means some changes to the API, and obviously to Authorize.net's internal database. But this is a badly needed feature.
I am happy to see the credit card expiration when I access the Manage payment and shipping page via redirect or lightbox popup of the Hosted Form portion of the CIM API. You can see an example of this on pages 87 and 93 of the October 2013 CIM_SOAP_guide.pdf. That form even goes as far as to let you edit just the expiration date of a saved card without hitting Edit to pull up the Edit Payment Inforamtion dialog where, for whatever reason, the expiration is masked.
Please continue to have the unmasked expiration date in the Manage Payment and Shipping page and stop masking it in the Edit Payment Information dialog and in the CIM CreditCardMaskedType. If the expiration is masked to let you test for a change, then feel free to add a second unmasked field that is ignored when UpdateCustomerProfile or UpdateCustomerPaymentProfile is called.
I look forward to hearing about this change happening.
I routinely get asked this question. A solution I have not seen discussed (I could have missed it) is an API call to get cards expiring within a given timeframe. By setting the timeframe to be a multiple of weeks (or even months if 1 is allowed as a value), then the data is not exposed, but the information needed -- namely, should I send an update reminder email? -- is provided.
The ability to update expiration dates on a Payment Profile and not be required to include the whole card number (could require just the last 4 for a bit of validation) is also big.
Do you agree with most posters and CoryAuth that CIM's customer payment profile should return an unmasked expiration date? Follow this thread and go vote (kudo) his idea post:
UnMasked Expiration Date in Hosted CIM's getCustomerProfileRequest by CoryAuth on 01-23-2015 11:08 AM
i want to get the credit card type and credit card exipry date from AUTHORIZE API.
example for credit card type is VISA,MASTER CARD.
is there a way that i can get these two details from authrize api.