My company currently uses the AIM API for eCommerce transactions. While it is clear we could further integrate the Credit and Refund APIs (via a customer service portal), the approach for "up-charges" is not so clear.
After the initial ecommerce transaction, customers will frequently call and request changes to their order, which can result in a higher price. Currently, we go through the Auth.Net website to make these changes manually (via Finance team).
We would like to add an "up-charge" function to our customer service portal that would allow the customer service representative to increase the credit card charges, *without* asking the customer for their credit card number. We also do not want to store credit card numbers locally in any way or have direct access to them.
An Auth.Net rep said we could integrate CIM...but the process is not entirely clear. When using CIM, do customers need to explicitly agree to allow credit card information to be saved for later?
What suggestions do you have for this situation?
We only need the ability to do upcharges within 10-15 days of the original order.
As long as you're PCI-compliant, you don't need to ask. Since Authorize.net is doing all the actual storage, you're not storing the credit card info yourself anyway - you're only responsible for password security on your hosting and maybe data transfer security (SSL) if you're using custom CIM forms on your site rather than Authorize.net's hosted CIM.
Short version - use CIM.