I offer a trial membership through my site. I am looking for solutions to prevent trial abuise. Meaning, I do not want someone signing up for a free trail, canceling before membership is billed, then signing up for another free trial. Are there any solutions available through CIM for this problem?
Ideally, I would like to query the existing customer profiles for the credit card number and see if it was associated with a previous trial. Can this be done?
Any suggestion would be welcome.
08-08-2013 01:59 PM
If you are not using the hosted CIM, you could use ONE generic customer profile, and add the cc# as a payment profile, if it successful, create the real customer profile and add that CC# to that.
08-08-2013 04:09 PM
You would need access to previous credit card numbers in some form to be able to do that. Theoretically, you could use regular CIM rather than hosted CIM to set up profiles, and store one-way hashes of the numbers as they pass through so you can then check against them later. This will of course expose you to credit card data to some extent, and increase your security requirements significantly vs hosted CIM. What is the trial abuse rate right now?
08-09-2013 08:30 AM
RaynorC1emen7 wrote:
If you are not using the hosted CIM, you could use ONE generic customer profile, and add the cc# as a payment profile, if it successful, create the real customer profile and add that CC# to that.
Isn't there a limit to 10 payment profiles on a customer profile? If I add the card to a "trial" profile, wouldn't I be limited to only 10 credit cards to check against?
08-09-2013 10:24 AM
@TJPride wrote:You would need access to previous credit card numbers in some form to be able to do that. Theoretically, you could use regular CIM rather than hosted CIM to set up profiles, and store one-way hashes of the numbers as they pass through so you can then check against them later. This will of course expose you to credit card data to some extent, and increase your security requirements significantly vs hosted CIM. What is the trial abuse rate right now?
Thankfully, no major abuse at this time, but I am trying to be proactive. Obviouslty, I am hoping to avoid increased PCI scrutiny.
08-09-2013 10:33 AM
Didn't remember that. But you are correct, limit are 10. Probably have to do what TJPride suggest. Hash and might also saved the last 4.
08-09-2013 11:58 AM