Previously, when using the DIRECT API to process CCs, the IP address of the transaction was saved. Now that we are using the HOSTED solution, this information is not. Why? The IFRAME should retain the customer's browsers IP, and auth.net should store it. Without this, we are unable to use much of the advanced fraud protection features.
Please see here: https://developer.authorize.net/api/reference/#accept-suite-get-an-accept-payment-page On this page, under "Request Field Description" for the "GetHostedPaymentPageRequest", there are no options to input the Customer IP.
The only option for adding in a Customer IP seems to be under the "createTransactionRequest" (https://developer.authorize.net/api/reference/#payment-transactions-charge-a-credit-card), which is not used for the Hosted Payment Page, but for direct order processing through the Authorize.net server. How and why is there not an option to pass the Customer IP through the Hosted Payment Page Request or any of the Customer Profile requests, either?
06-18-2019 11:00 AM
06-18-2019 11:50 AM
The need is for AUTHORIZE.NET to store this IP address so we can then use the auth.net Advance Fraud Filters which allows us to NOT authorize transactions for certain countries. Currently, the CUSTOMER IP addresses for all such HOSTED SOLUTION transactions are "10.141.9.24" (which is the IP for Authorize.net) when view the unsettled or settled transaction history.
Previously, when we used the API to authorize cards on our own website, the customer ip address reflected the IP address of the actual customer. It no longer does.
06-18-2019 11:56 AM
whoopsie. I think you are right. I have never examined the returned IP addresses but I do believe they are all the same now that you mention it.
06-20-2019 08:09 AM