Has anyone come up with a satisfactory system for giving the user info on the result of their pre-auth, but preventing fraudsters from testing stolen cards?
The Authorize.net configuration will email the GPG'd credit card info, you can decide if you are going to just authorize, or capture each sale . The system I work with, just authorizes transactions, then posts for settlement upon shipment in the admin UI - this feature is built in since (5.4?). The only drawback on authorizations: if the customer attempts to complete a sale and it takes 2-3 attempts, using incorrect billing address or zip, and they finally get it right on the 4th try - each attempt to validate the card locks up the funds for about 24 hours. So if they try to finish a sale for $100.00 ,4 times, they have reduced their available credit by $400.00 until the first three attempts clear - this doesn't happen often, but some people get a little irate about it.
I wrote some custom code which limits the number of times that they can attempt to test a credit card for valid billing address and zip code, then locks out further attempts, also added CVV test - this really put a damper on fraudulent activity, but doesn't stop it all. We capture international cards without authorization, for later review - we have a really strict policy on international cards on unknown customers.
Once you dig into the processing of credit card/payment processes, can do just about anything you need.
Steve
_______________________________________________ interchange-users mailing list suppressed http://www.icdevgroup.org/mailman/listinfo/interchange-users
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.