Hello!
I’m investigating an opportunity to use Authorize.net CIM solution for developing an online payment option for an online store.
There are couple constraints:
I’m trying to figure out if following approach might work:
1. From an online store system I’m creating CIM profiles for already existing online shoppers and all new accounts with createCustomerProfileRequest
2. Online shopper stores credit card details via configured Authorize.net hosted forms (from Checkout or Account management). hostedProfileValidationMode = LiveMode
3. I’m getting Payment profiles for the customer via getCustomerPaymentProfileRequest to ask the online shopper what is the preferred payment card and store the payment profile ID for the order.
4. After the order is processed at the fulfillment center and the final total is known I want to charge the online shopper with a request createCustomerProfileTransactionRequest and deliver the order in case of successful payment. The request should be initiated from my backend systems basing on an order status change.
There is one problem with the described approach I can not solve. I want to be sure that my online shopper owns the card. So I need to validate Card Code for cards which an online shopper stores via hosted forms. For this purpose I can configure CVV filtering like it’s described at Standard Transaction Security Settings.
But I will not know the Card Code at the step 4. And createCustomerProfileTransactionRequest description claims that it’s required if the CVV filtering is On.
I’ve been thinking about moving the filtering logic to my store back-end systems but I don’t know how to get the Card Code Response after it’s saved from the hosted form.
Could you please advice if there is a CVV filtering configuration allowing to check the Card code only for new cards?
If I configured the filtering to void transactions for responses 'N = The Card Code does not match' and forwarded an empty (or NULL?) Card Code at createCustomerProfileTransactionRequest will I get some error like for mandatory field missing "E00041 One or more fields must contain a value"?
11-12-2014 06:26 AM
Hello @Alb
The cardCode (CVV) is used only for the LiveMode validation and is not stored in the customer profile.
Richard
.
11-14-2014 09:23 AM