Hello. Do any of Authrorize.net's APIs allow one to...
a) Maintain a negative card list?
b) Prohibit a new customer from using the same credit card number that is "on file" for an existing customer?
Thanks for any insights you're willing to share.
a) No. However, you could one-way hash the card numbers you don't like and store them that way, it shouldn't affect your PCI security.
b) No. Logically, multiple people could be using the same card, for instance a husband and wife. The fields used to check for dupes are:
customerProfileId, cardNumber, accountNumber, routingNumber, billToFirstName, billToLastName, billToAddress, and billToZip
Again, you could one-way hash the card (if not using one of the hosted solutions), and match on that. You could also retrieve the masked version of the credit card, which gives you just the last 4 digits, and match on that plus last name, phone, zip code, or some other single piece of info - this would be mostly accurate, with only a small chance of false positive.