Using the Authorize.net SDK (PHP) on api.authorize.net with validationMode set to liveMode, when I call updateCustomerPaymentProfile with a valid card, but enter an incorrect expiration date, the direct response comes back as "This transaction has been approved" when it really should be declined for having the wrong expiration date. Here's the request / response (with sensitive user/address data obfuscated)
----Request----
<?xml version="1.0" encoding="utf-8"?>
<updateCustomerPaymentProfileRequest xmlns="AnetApi/xml/v1/schema/AnetApiSchema.xsd"><merchantAuthentication><name>xxxxxxxxxxx</name><transactionKey>xxxxxxxxxxxxxxxx</transactionKey></merchantAuthentication><customerProfileId>12345678</customerProfileId><paymentProfile><customerType>individual</customerType><billTo><firstName>First</firstName><lastName>Last</lastName><address>Street</address><city>City</city><state>State</state><zip>12345</zip><country>Country</country><phoneNumber>5555555555</phoneNumber></billTo><payment><creditCard><cardNumber>XXXX1111</cardNumber><expirationDate>2013-05</expirationDate></creditCard></payment><customerPaymentProfileId>87654321</customerPaymentProfileId></paymentProfile><validationMode>liveMode</validationMode></updateCustomerPaymentProfileRequest>
----Response----
<?xml version="1.0" encoding="utf-8"?><updateCustomerPaymentProfileResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="AnetApi/xml/v1/schema/AnetApiSchema.xsd"><messages><resultCode>Ok</resultCode><message><code>I00001</code><text>Successful.</text></message></messages><validationDirectResponse>1|1|1|This transaction has been approved.|xxxxx|Y|1234567890|none|Test transaction for ValidateCustomerPaymentProfile.|0.00|CC|auth_only|65|First|Last||Street|City|State|12345|Country|5555555555||xxxxxx@xxxxxxxxxxxx.xxx|none|none|none|none|none|none|none|none|0.00|0.00|0.00|FALSE|none|xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx|||||||||||||XXXX1111|XXXXXXXX||||||||||||||||</validationDirectResponse></updateCustomerPaymentProfileResponse>
Other incorrect info (such as wrong CVV, wrong card number, wrong billing address) are declined as they should be - just not the expiration date. Interestingly, createCustomerPaymentProfile WILL decline a card with an incorrect expiration date.
Has anyone else encountered this problem or knows why updateCustomerPaymentProfile might ignore validation of the expiration date?
Thank you!
03-13-2012 11:03 AM
I assume this is in live mode and not test mode? As in the transaction is not in test mode - I'm not referring to the validation mode.
03-13-2012 12:10 PM - edited 03-13-2012 12:11 PM
Hi TJ, Thank you for your reply. Yes, this is all in live mode.
03-13-2012 01:31 PM
I'm not seeing anything obviously wrong with your request. Going to have to see if a mod can provide more insight, they have the ability to check transactions on the Authorize.net end of things.
03-13-2012 01:59 PM
Hi,
03-15-2012 02:16 PM
Thank you very much for your response, Joy. I understand that it's up to the individual bank as to whether expiration date is validated. However, in my testing on the live server I was seeing createCustomerPaymentProfile *declining* my card when I entered the wrong expiration date. Yet, updateCustomerPaymentProfile was approving the same card (with incorrect date). Why would one function work as expected, and not the other?
03-16-2012 07:30 PM
Hi MartinEvans,
As long as you are running the same validation mode for both the create and update requests, then they are handled identically by our system. There is no reason that one should approve and another decline given the same information.
Thanks,
Joy
03-19-2012 02:34 PM
Hi Joy,
Thank you for your reply. I double checked and I'm definitely running both requests in liveMode. Here's a sample of the code I'm using to make the API requests.
$request = new AuthorizeNetCIM;
$paymentProfile = new AuthorizeNetPaymentProfile;
$paymentProfile->customerType = "individual";
$paymentProfile->payment->creditCard->cardNumber = $cardinfo['ccnum'];
$paymentProfile->payment->creditCard->expirationDate = $cardinfo['ccexp'];
$paymentProfile->billTo->firstName = $cardinfo['ccfirstname'];
$paymentProfile->billTo->lastName = $cardinfo['cclastname'];
$paymentProfile->billTo->company = $cardinfo['cccompany'];
$paymentProfile->billTo->address = $cardinfo['ccaddress'];
$paymentProfile->billTo->city = $cardinfo['cccity'];
$paymentProfile->billTo->state = $cardinfo['ccstate'];
$paymentProfile->billTo->zip = $cardinfo['cczip'];
$paymentProfile->billTo->country = $cardinfo['cccountry'];
$paymentProfile->billTo->phoneNumber = $cardinfo['ccphone'];
$cardCode = 0;
if (isset($cardinfo['cccode']))
{
$paymentProfile->payment->creditCard->cardCode = $cardinfo['cccode'];
$cardCode = $cardinfo['cccode'];
}
$mode = "liveMode";
if ($this->GetValue("testmode") == 'YES')
{
$mode = "testMode";
}
$response = $request->updateCustomerPaymentProfile($cimid,$ppid,$paymentProfile, $mode);
=============
The code for creating a customer profile is identical to the code above except for the last line:
$response = $request->createCustomerPaymentProfile($cardinfo['cimid'], $paymentProfile, $mode);
In each case the value of $mode is "liveMode". Is there anything else I could possibly be doing wrong to get an "accepted" reponse from updateCustomerPaymentProfile when it should be coming back as "declined" based on expiration date?
Thanks!
Martin
03-20-2012 12:51 PM
Hi,
I suggest that you email Developer@Authorize.Net with specific examples like transaction ID, Payment Gateway ID, etc. and we will check this for you. Please do not post this type of information on this thread.
Thanks,
Joy
03-23-2012 10:19 AM