Cybersource Developer Community Cybersource Developer Community

From the documentation, any fields passed to the SIM hosted form are supposed to be posted back to the relay URL. This happens correctly for most of our transactions, but one specific customer/credit card gets a corrupted field. This is not a programming issue.

1. Here is an asp code sample:

Sub WriteHTMLSIM()

	Dim url

	if objPage.IsProd then
		url				= "https://secure.authorize.net/gateway/transact.dll"
	else
		url				= "https://test.authorize.net/gateway/transact.dll"
	end if

	writeln("<form method='POST' action='" & url & "' name='frmMain' id='frmMain' autocomplete='off'>")
	writeln("<input type='hidden' name='hidAction' value=''>")
	
	Call objPage.WritePageHead("Step 2 of 3 - Verify and Submit Your Payment", false)
	
	writeln("<table class=tblText width=600>")
	writeln("	<tr>")
	writeln("		<td>")
	writeln("			Please verify the information below and click <b>&quot;Confirm&quot;</b> to enter your payment information.")
	writeln("		</td>")
	writeln("	</tr>")
	writeln("</table>")
	writeln("<br>")
	
	writeln("<table width=600 class='tblTextBdr' bgcolor='white'>")
	writeln("	<tr class=trHeading>")
	writeln("		<td colspan=2>Payment Summary</td>")
	writeln("	</tr>")
	writeln("	<tr>")
	writeln("		<td>")
	writeln("			<table width=100% class=tblText>")
	writeln("				<tr>")
	writeln("					<th align='left'>Payment Amount:</th>")
	writeln("					<td>" & FormatCurrency(strAmount,2,vbTrue,vbTrue,vbTrue) & "</td>")
	writeln("				</tr>")
	writeln("				<tr>")
	writeln("					<th align='left'>Posting Date:</th>")
	writeln("					<td>" & strPosting_Date & "</td>")
	writeln("				</tr>")
	writeln("				<tr>")
	writeln("					<th align='left'>Payment Method:</th>")
	writeln("					<td>*** Single Use ***</td>")
	writeln("				</tr>")
	writeln("			</table>")
	writeln("		</td>")
	writeln("	</tr>")
	writeln("	<tr>")
	writeln("		<td colspan='2' align='center'>&nbsp;</td>")
	writeln("	</tr>")
	writeln("	<tr>")
	writeln("		<td>")
	writeln("			<table width=100% class=tblText>")
	writeln("				<tr>")
	writeln("					<td><input type='button' value=""Confirm"" name='cmdPost' onclick='validateForm()' class='formField'></td>")
	writeln("					<td><input type='button' value='Edit Payment Information' name='cmdEdit' onclick='editForm()' class='formField'></td>")
	writeln("				</tr>")
	writeln("			</table>")
	writeln("		</td>")
	writeln("	</tr>")
	
	writeln("</table>")
	writeln("<br>")
	
	writeln("<input type='hidden' name='hidEmail_Addr' value='"& EncryptString(strEmail_Addr) & "'>")
	
	'Payment Vars
	writeln("<input type='hidden' name='hidOptAmount' value='"& strOptAmount & "'>")
	writeln("<input type='hidden' name='hidAmount' value='"& strAmount & "'>")
	
	'Profile Vars
	writeln("<input type='hidden' name='hidPosting_Date' value='"& EncryptString(strPosting_Date) & "'>")
	
	writeln("<input type='hidden' name='hidCCPR_Customer_Ref_Num' value='"& EncryptString(strCCPR_Customer_Ref_Num) & "'>")
	writeln("<input type='hidden' name='hidCCPR_CC_Number' value='"& EncryptString(strCCPR_CC_Number) & "'>")
	writeln("<input type='hidden' name='hidCCPR_ECP_Account_No' value='"& EncryptString(strCCPR_ECP_Account_No) & "'>")
	writeln("<input type='hidden' name='hidCCPR_Cust_Profile_Id' value='"& EncryptString(strCCPR_Cust_Profile_Id) & "'>")
	writeln("<input type='hidden' name='hidCCPR_Pmt_Profile_Id' value='"& EncryptString(strCCPR_Pmt_Profile_Id) & "'>")
	writeln("<input type='hidden' name='hidCCPR_CC_Security_Code' value='"& EncryptString(strCCPR_CC_Security_Code) & "'>")
	
	writeln("<input type='hidden' name='hidCust_Id' value='"& gstrCustomerId & "'>")
	writeln("<input type='hidden' name='hidAddress_Id' value='"& gstrAddressId & "'>")
	writeln("<input type='hidden' name='hidAgreement_Id' value='"& gstrAgreementId & "'>")
	writeln("<input type='hidden' name='hidAccount_Id' value='"& gstraccountId & "'>")
	
	if objPage.IsProd then
		writeln("<input type='hidden' name='hidProd' value='Y'>")
	else
		writeln("<input type='hidden' name='hidProd' value='N'>")
	end if
	
	' the parameters for the payment can be configured here
	' the API Login ID and Transaction Key must be replaced with valid values
	Dim testMode
	testMode		= "false"
	
	Dim objAuthNetLogin
	Set objAuthNetLogin = New clsAuthNetLogin
	
	With objAuthNetLogin
		.Action = "FETCH"
		.UseLoginId = true
		.UseTransactionKey = true
		.UseHashValue = false
		.IsProd = objPage.IsProd
		.ProcessRequest
		if .ErrorsFound then
			err.raise 33, "Error:" & .ErrorMessage
		end if
	End With
	
	Dim invoice
	invoice	= Year(Date) & Month(Date) &  Day(Date) & Hour(Now) & Minute(Now) & Second(Now)
	Dim sequence
	Randomize
	sequence	= Int(1000 * Rnd)
	Dim timeStamp
	timeStamp = simTimeStamp()
	Dim fingerprint
	fingerprint = HMAC (objAuthNetLogin.TransactionKey, objAuthNetLogin.LoginId & "^" & sequence & "^" & timeStamp & "^" & strAmount & "^")
	
	Response.Write("	<input type='hidden' name='x_login' value='" & objAuthNetLogin.LoginId & "' />")
	Response.Write("	<input type='hidden' name='x_amount' value='" & strAmount & "' />")
	Response.Write("	<input type='hidden' name='x_fp_sequence' value='" & sequence & "' />")
	Response.Write("	<input type='hidden' name='x_fp_timestamp' value='" & timeStamp & "' />")
	Response.Write("	<input type='hidden' name='x_fp_hash' value='" & fingerprint & "' />")
	Response.Write("	<input type='hidden' name='x_test_request' value='" & testMode & "' />")
	Response.Write("	<input type='hidden' name='x_cust_id' value='" & gstrCustomerId & "-" & gstrAddressId & "-" & gstrAgreementId & "' />")
	Response.Write("	<input type='hidden' name='x_rename' value='x_cust_id,Account Number' />")
	Response.Write("	<input type='hidden' name='x_logo_url' value='" & objPage.Domain & "/test/test.gif' />")
	Response.Write("	<input type='hidden' name='x_cancel_url' value='" & objPage.Domain & "/test/test.asp' />")
	Response.Write("	<input type='hidden' name='x_show_form' value='PAYMENT_FORM' />")
	Response.Write("	<input type='hidden' name='x_relay_response' value='TRUE' />")
	Response.Write("	<input type='hidden' name='x_relay_always' value='FALSE' />")
	Response.Write("	<input type='hidden' name='x_relay_url' value='https://test.test.test/test/test.asp' />")
	Response.Write("</form>")
	
	Set objAuthNetLogin = Nothing

End Sub

2. Note the x_cust_id field and the hidAgreement_Id field, and that both fields have the contents of variable gstrAgreementId written to them. When the relay url is posted to, it reads in fields hidCust_Id, hidAddress_Id, and hidAgreement_Id among other things.

3. When the relay url reads fields hidCust_Id and hidAddress_Id, they have the correct contents. For example they may have "123456" and "654321" which are the same values that were passed into the SIM hosted form. When I read hidAgreement_Id, it will contain "*', despite the fact that "001" was passed to the SIM hosted form instead. If the relay url looks at the value in x_cust_id, it correctly shows "123456-654321-001". This clearly shows that the correct value was in variable gstrAgreementId at the time the fields were written out, but it appears that Authorize.net lost the value of hidAgreement_Id and replaced it with "*".

4. Please look into this. So far, this issue happens with a single customer/card combination. It has happened multiple times in different months for this particular customer/card. The corruption did not happen when the customer paid with a different card, which seems to rule out an issue with the customer's comptuer. The problematic card gets charged fine apparently, though my relay page detects the garbage data in the hidAgreement_Id field and automatically voids the charge to the card. I have a list of trans id's for which this problem has occurred.

Thanks.