Hi,
I would like to use CIM, but would like to give customers a choice on whether or not to store their credit card information. If I use CIM to do this, do I need to delete the customer payment profile after each transaction? In other words, if a customer does not want to store their credit card information, do I have to do these 3 steps each time:
1) createCustomerPaymentProfileRequest
2) createCustomerProfileTransactionRequest
3) deleteCustomerPaymentProfileRequest
Or, is there a simpler way to process a credit card transaction using CIM, without storing the customer's credit card information?
Thanks,
Jenni
11-11-2011 08:47 PM
Or use AIM.
11-12-2011 09:02 AM - edited 11-12-2011 09:09 AM
Why bother telling them their credit card information is being stored? Authorize.net is extremely secure, and the only way their credit card info is going to be hacked is if someone gets into your hosting. If someone gets into your hosting, you're doomed anyway, since the same exact method (adding a few lines of code between your form and the Authorize.net calls) will work regardless of whether you're deleting the profiles afterwards or using AIM or whatever. You're making life much more difficult for yourself for no actual gain in security.
The exception, I suppose, would be if you were using hosted CIM to collect the credit card info, but again, I wouldn't worry much about the Authorize.net end of things. As far as the customer is concerned, better not to mention security unless you work in security and your customers are going to be constantly asking about it.
11-12-2011 06:53 PM
Thanks for the reponse.
If I go the route of not telling the customer that their credit card information was stored, would this cause a problem if the customer pays again using the same credit card?
The next time a customer pays using the same credit card, would authorize.net throw an error when I call createCustomerPaymentProfileRequest with the same credit card that they used previously?
Thanks
Jenni
11-13-2011 02:13 PM
Yes, however it passes the profile ID back when it does and you can just use that. Fairly easy to test, just run the same credit card through twice and print out the response fields.
11-13-2011 05:45 PM
Thanks again for the response..
On another thread, it says that only the duplicate Customer Profile ID is passed back, not the duplicate Payment Profile ID:
"It does appear that our documentation needs to be updated. Right now, using CIM, you can only get the error code with the duplicate ID for createCustomerProfileRequest, not createCustomerPaymentProfileRequest"
So you would need to iterate through that customer's Payment Profile IDs to find which is the duplicate and use that one
Is that your understanding as well?
Thanks a lot
Jenni
11-14-2011 08:37 AM
Well, you could cycle through them and look for a match on the last 4 numbers, I suppose. Would be more convenient to get back a payment profile ID, though, you're right about that. I do notice the post you're referencing is from 2009, perhaps they've added this to the list of things to do since then?
11-14-2011 03:36 PM