I have seen blogs & forum threads about the sending of warning emails that the customers account was about to expire. Kind of old, so making a thread.
First, a couple of observations:
I think this would be a valuable enhancement to opt into. CIM's major attraction is freeing merchants from possessing any of this kryptonite. Yet there is this one thing which forces some merchants to store multiple last-4's & expiration dates.
Doing this might be a little more straight forward for payment systems where each actually customer signs up to it. All the more important to address the deficency here. Am I alone, here?
02-02-2012 10:34 AM - edited 02-02-2012 10:35 AM
There are instances where people might not want warning messages sent, however I think there are also a lot of cases where this would be a useful feature. If it were me, I'd have a setting in the control panel with options:
- Do not notify
- Send email notification
- Post notification to callback URL x
I'd personally use that third option, by setting up a second callback page just for this and generating emails or not depending on what I'm using the CIM account for.
02-02-2012 12:46 PM
Every new emailing feature creates a big drag effect: level of customization needed for the email by the merchant, how to enter the customization info into the Auth.Net system, testing, documenting, training the support reps, maintaining the new email feature, etc etc. Also how often do you want the reminder emails sent? And how long before the expiration date? Eg a msg a week starting two months before expiration?
If I get a card expired failure msg from a CIM transaction, I use that to notify the sales dept and to send a msg to the customer. Why sales? Because they want to call the customer if he doesn't promptly update the card data for re-charging.
Or you can ask the customer to enter just the expiration date into your own database (not the card number, just the exp date) and then send out the reminder emails yourself.
I'd much rather have Auth.Net work on the things that I can't do rather than the things that I can do.
Eg, I'd like them to give an api for creating an ARB subscription from a CIM entry.
02-07-2012 07:33 AM
ps. From a PCI point of view, it is best not to store the expiration date as an expiration date, per se.
Instead, think of it as a "send email reminder date" Eg. if the exp date is 10/2012, then the last day the card can be used is 10/31/2012. But of you think of it as a email reminder date, then use the first of the month: 10/1/2012.
See this post for more on this.
02-07-2012 07:50 AM
As I posted in reply to that some time ago, offsetting the expiration date and calling it a "new piece of information" is a sophism. It's mind-numbingly easy to reverse, and as such falls under the category of naming away the problem rather than really solving it.
02-07-2012 11:55 AM