cancel
Showing results for 
Search instead for 
Did you mean: 

why is authorize.net changing some form hidden field values to asterisk *?

I am using SIM method to post transaction to authorize.net. My site has a checkout form which has few hidden form fields. One of them is sale id so the field looks like

 

 

<input type="hidden" name="r_sale_id" value="508" id="r_sale_id" />

Now my server has been recording a type error every once in a while. I had overlooked this error thinking it was some kind of hacking attempt or intentional malicious data to the web app.  Yesterday this issue became a problem i.e one of the registrants reported that she had already made the payment but the system doesnt have her information. It was verified that the registrant had indeed made the payment i.e authorize.net merchant account showed that her transaction was settled.  I tracked the problem and it was related to a form field value being  asterisk. 

 

It seems that sometimes authorize.net will set the hidden field value to * so even though in the above example or checkout form the value was 508 when the field value is extracted after the result is posted by authorize.net back to the web app, the value becomes *.

 

The code that will extract the above field is as follows. 

Result result = Result.createResult(apiLoginId, md5HashKey, request.parameterMap)
String saleId = result.responseMap.get(R_SALE_ID.fieldName) ?: ''

Here, once in a while the value of saleId is  * whereas it should have been 508 in the above example since that was what was present in the checkout form. Can you please explain this anamoly? Why does authorize.net sometimes change the field value to *? I appreciate any help to this dilemma! Thanks!

 

kofhearts
Contributor
2 REPLIES 2

Hello @kofhearts

 

The gateway will check the values sent through user defined fields to ensure they don't contain sensitive information.  If a possible value is found, like a 3 digit numerical value that is similar to a CCV, it will be replaced with asterisks.

 

Richard

RichardH
Administrator Administrator
Administrator

Thank you! We need to make sure this type of error never occurs in future so is there a recommendation that should prevent this conversion to * issue? I think 3 digit numbers are similar to ccv. What if we make sure that the sale ids that we pass to authorize.net will always be 5 digit numbers. Then in this case is there a possibility that a 5 digit number be converted to *? Please let me know. I appreciate it!