Strictly speaking this is a big question!
I create customer profiles of the users who register on my site and I want to prevent them duplicate their profiles by validating
their credit card numbers.
I see 2 ways of doing it but there is a difficulty.
1. Create customer payment profile and see if it duplicating.
But it requests customer profile id which certainly would be new one! I can't create payment profile without customer profile.
2. Fetch ALL THE payment profiles.
This way is silly per se! But ok, even if I do so I can only compare 4 last digits of credit card - that is not enough!
What should I do?
P.S. Yes I read this topic where the goal was just contrary to mine.
01-13-2012 04:54 PM - edited 01-13-2012 04:56 PM
And one more, please REPLACE RICH TEXT WITH SMTH DIFFERENT!!!
It doesn't work in Google Chrome at all and works buggy in FireFox. All browsers are the latest. OS - Ubuntu
01-13-2012 04:57 PM
Rich Text doesn't work on Firefox on my old Mac either. It does work on this Mac, which is still old but at least has a Pentium processor and OS X 10.4. Haven't tested on my PC.
01-13-2012 06:15 PM
You should store profile ID's whenever a profile is created, to associate it with the user it corresponds to. Short of that, you can just attempt to create a profile each time, which means that sometimes you'll get back a duplicate profile error - but since the duplicate profile error also returns the duplicate profile ID, you can just accept that and move on.
If, however, your problem is that you have a bunch of billing profiles with unvalidated credit cards (because perhaps you weren't using validation mode), and you want to validate them now to bring your system up to spec, then just create a script to cycle through all the profiles one at a time (or multiples using fork / threads / whatever...) and run validateCustomerPaymentProfileRequest() a bunch of times. Only one problem - it requires the card code if you're using the CCV security features, and that isn't stored. So you'd need to turn off the CCV temporarily. But I suppose you could run in validationMode = testMode and that would hopefully test the expiration date without generating a transaction fee.
Hopefully this helps.
01-13-2012 06:24 PM
TJPride can you explain how just created payment profile can be duplicated if authorize.net processor matches all the given fields among which I have to pass CustomerProfileId? This CustomerProfileId certainly will be new one, cause I register new person. But BEFORE his registration I want to validate if provided credit card already in use. I want to be sure that this persong previously didn't register with his credit card but using another email (I've got users' unique emails).
But ok, I think I know how to do validation. I'll store unique hash of credit card and compare new one with already existing one.
01-16-2012 09:41 AM - edited 01-16-2012 09:42 AM
The only way to check before attempting to create a profile would be to have the entire card number, which obviously you won't have. I suppose if you're using regular CIM instead of hosted CIM, and the user enters all their information on a single form when they sign up, you could store the last 4 digits of the credit card in your database - those aren't considered a security violation - and use them to sort of match (if the last 4 match as well one or more other key pieces of information, it's probably a match and you can throw an error).
The fields used for duplicate checks are:
createCustomerProfileRequest
merchantCustomerId, description, email
createCustomerPaymentProfileRequest
customerProfileId, cardNumber, accountNumber, routingNumber, billToFirstName, billToLastName, billToAddress, billToZip
createCustomerShippingAddressRequest
customerProfileId, firstName, lastName, address, zip, phoneNumber
Note that createCustomerProfileRequest can include all of that information all in one go, in which case I'm not sure if you get a duplicate error if any of the three sets is duped, or only if the first set is duped. If just the first set, then you'll be stuck self-verifying as stated above. I really should experiment with this when I have more time.
01-16-2012 02:04 PM