I'm integrating Accept Hosted into my website. For various reasons, I need to use Customer Profiles. I also want to allow guest checkout (i.e. no need to login).
The ANET system returns a Customer Profile ID if a customer's email address matches an exsiting profile. But how can I prevent someone from faudulenty using someone else's email and charging an associated Payment Profile? Is the only protection to require that the card code be entered?
I can build an account system on my end that stores Customer Profile IDs and requires password authentication to access Payment Profiles, but then it is no longer a "guest checkout".
Is there a better solution for this?
Typically we see implementations where customer profiles are used only after the user has authenticated to the system and a customer profile is associated to that specific user.
For guest checkout, we would not recommend using customer profiles but instead perform a one-time transaction.
If that's the case and I can't use Customer Profiles for guest checkout, I'm brought back around to my previous problem regarding addresses and sales tax:
It seems like every solution leads to another problem.
How can I allow guest checkout, caculate sales tax, and include address information with the transaction?