Showing results for 
Search instead for 
Did you mean: 

CIM card expiration date

On ‎09-09-2013 RichardH wrote:

I've noted your request to enhance our API to return the credit cart expiration date and forwarded it to our product management team for consideration in a future release.  I would suggest subscribing to this topic to be notified if there are updates.


The thread appears to be locked now and the API manual has been updated to no longer include the screen shots that show the Hosted CIM form displaying the expiration date next to the masked card number. The issue has caused friction for us since day one and has become a selling point of alternate providers. We tried making a last-ditch effort and reaching out to Authorize.Net support. They said:


Andre M: You can look up the expiration dates.
Andre M: Click Tools from the main toolbar.
Andre M: Then click Customer Information manager from the left side menu.
Andre M: You can find them here.
Andre M: Or use the Customer Information Manager API.      


I tested and am still getting a masked value back so this is not true.


Please stop masking the expiration date or if it makes someone feel better about not having them both in the same return, provide a different API call to return just the unmasked expiration date so it is no longer delivered with the masked card account number.


I for one cannot understand the logic that says it is OK to display them together in the merchant portal and in one (but only one) form of the Hosted CIM form but not show it in other versions of the hosted form and not send it back in CIM. Let us decide if we want it or not and give us a call to get it.


Thank you


Hello @jlanawalt 

You are correct, we do have this request on our list of enhancements we would like to deliver.  However, I don't yet have have any details on when we could deliver.  When we do, I'll be sure to let you know by responding to the original thread.



Administrator Administrator

Please add me to the list of integrators that want this functionality added.  Other vendors, for example: ProtectPay provide this feature now.

Ditto here for the feature request. This has been a major issue with all of our customers that use CIM.

Yes it's time that Authorize.Net upped it's game when it comes to providing data back to client programs.  Not having this data creates problems when attempting to reuse a card.


My thought on why this was masked in the first place is that someone thought that the data is protected.  The expiration date does not need to be rendered unreadable per PA-DSS V3.  The expiration date should be unmasked when CIM functions GetCustomerProfile or GetCustomerPaymentProfile are called.



I could not agree MORE.  Not providing an expiration date or at a minimum an 'expired flag' available in the payment profile request  response payload make things more complicated than is necessary.  With an 'expired flag'  you could in some cases avoid a possible costly (merchant transaction/gateway fee) validation operation if using CIM payment profiles to create a payment transaction. 


For those that want to go further in culling expired (CIM) payment profiles that maybe causing you transactional woe's.  Forget the CIM API validateCustomerPaymentProfie (cost's money).. You will need to scrape the results of an 'Advanced Search' options search by exipiration date.  Probe the payment profiles exipration date, save the bad payment profile id and along with the customer profile id and issue a deleteCustomerPaymentProfile through the CIM API.  Your payment profile history link is just a filter as far as I can determine.  All payment transactions are 'rolled up' under the Customer History. You loose nothing.


I agree with the above, and made this complaint earlier. There is no reason to mask the expiration date and this has forced me to store it myself. I'd rather not have to do that.

Regular Contributor
Regular Contributor


We appreciate the feedback on exposing the card expiration date with CIM.  I've added your posts to the other requests for this feature.

I'd recommend subscribing to this topic so that you'll be alerted via email if there are updates. To subscribe, click Topic Options at the top of this thread and then select Subscribe. You'll then receive an email once anyone replies to your post.



Apparently this has yet to be resolved?

I have a client that was using the Hosted Page, and I am creating a new site for them and using the API calls to integrate the data directly into thier account settings pages, etc. instead of serving the hosted page in an iframe. 

But our sticking point now, is that thier current hosted page solution shows the expiration date, and allows it to be edited.

Since the API calls will only return a masked expiration date, I can not duplicate this feature. 

Using features in the hosted pages, that are not avaialbe via the API, puts us developers at an unfair advantage. either needs to decide that expiration date is sensentive and needs to be masked, and mask it in thier hosted pages as well. Or provide a way for us developers to access provide the same level of interface as the hosted pages do.


We're still waiting and I'm getting pressure to look to other solutions so I've returned to search the forums to see if anyone had answers.


In another thread about CIM returning masked expiration dates it was suggestedo to put the topic under the ideas forum and vote for it, so in addition to subscribing here, go vote (kudo) the idea in the ideas forum:


UnMasked Expiration Date in Hosted CIM's getCustomerProfileRequest by CoryAuth on ‎01-23-2015 11:08 AM