cancel
Showing results for 
Search instead for 
Did you mean: 

Trial Period Abuse

I offer a trial membership through my site.  I am looking for solutions to prevent trial abuise.  Meaning, I do not want someone signing up for a free trail, canceling before membership is billed, then signing up for another free trial.  Are there any solutions available through CIM for this problem? 

 

Ideally, I would like to query the existing customer profiles for the credit card number and see if it was associated with a previous trial.  Can this be done?

 

Any suggestion would be welcome. 

tannernd
Member
5 REPLIES 5

If you are not using the hosted CIM, you could use ONE generic customer profile, and add the cc# as a payment profile, if it successful, create the real customer profile and add that CC# to that.

RaynorC1emen7
Expert

You would need access to previous credit card numbers in some form to be able to do that. Theoretically, you could use regular CIM rather than hosted CIM to set up profiles, and store one-way hashes of the numbers as they pass through so you can then check against them later. This will of course expose you to credit card data to some extent, and increase your security requirements significantly vs hosted CIM. What is the trial abuse rate right now?

TJPride
Expert

RaynorC1emen7 wrote:

 

If you are not using the hosted CIM, you could use ONE generic customer profile, and add the cc# as a payment profile, if it successful, create the real customer profile and add that CC# to that.


Isn't there a limit to 10 payment profiles on a customer profile?  If I add the card to a "trial" profile, wouldn't I be limited to only 10 credit cards to check against?


@TJPride wrote:

You would need access to previous credit card numbers in some form to be able to do that. Theoretically, you could use regular CIM rather than hosted CIM to set up profiles, and store one-way hashes of the numbers as they pass through so you can then check against them later. This will of course expose you to credit card data to some extent, and increase your security requirements significantly vs hosted CIM. What is the trial abuse rate right now?


Thankfully, no major abuse at this time, but I am trying to be proactive. Obviouslty, I am hoping to avoid increased PCI scrutiny.

Didn't remember that. But you are correct, limit are 10. Probably have to do what TJPride suggest. Hash and might also saved the last 4.