We are using Authorize.NET (AIM + CIM) to process credit cards. Recently I noticed that we are getting many declined payments in transaction log. Most of them are with status "decliner by issuer", which means we don't have any specific information about why transactions are declined. I know there can be various reasons for that, and in many cases the problem lies on customer's end, but my intention is to eliminate any problem on our side and make it work as smooth as possible. In addition, my attention is brought to the fact that some people told us that their banks treated our transactions as suspicious and declined them. I want to check whether we have any problem on our end. Here are the questions I have:
Were there any changes made recently in the banking systems that may cause more transactions to be declined? Are there any known changes in bank policies or technical stuff that affect transaction status (declined or authorized)?
When user purchases a product or signs up for our services, before processing a real payment, we submit $1 transaction to validate his credit card. Then if it is authorized successfully, we void it, save his data in CIM profile and process further payments (on recurring schedule until user unsubscribes from our services). The question is can it make problems by looking suspicious for banks? Is this an acceptable way of handling payments or we should avoid it for some reason?
Is there any documentation or article specifically on the subject of getting as much successful transactions as possible, minimizing declined transactions and eliminating risk of transactions looking suspicious to banks?
We integrated Authorize.NET into our systems about 4 years ago. The code runs normal, but is there anything that is outdated / changed / improved that should be caught up by our code in terms of getting as much successful transactions as possible?
Do you have a high chargeback rate? If that's the case, some issuers may have flagged you as a suspicious merchant.
A few others points that may have an influence:
in which country are you based, and in which countries are your customers? Some banks tend to flag whole countries in their scoring algorithms.
likewise, what's your activity?
do you use 3D Secure (Verified by Visa and the like)?
do you do all the address verification etc.?
Do you get the declines on the initial authorisation, or on subsequent ones?
Also, I suppose the $1 transaction is just an authorisation, right?
Have you tried to see if the declines come from specific issuers (recognisable from the first 4 to 6 digits)?
Related
In the "Coffee with Blockchain" app produced by IBM it performs price matching between Growers and Buyers. I'm wondering how that matching would be implemented (either in the example app or in an actual implementation).
Example of the app can be seen here: https://www.youtube.com/watch?v=suE5KHkESF4
How does "Coffee with Blockchain" match growers to buyers?
Some questions to help guide the answer:
Does that matching operate entirely as chaincode? If so, how would that be implemented?
Eg, would the Grower submit a transaction that they have a new batch of beans ready for shipment and that triggers the match-making part in the chaincode to find/choose a Buyer?
I have my doubts on making that process deterministic, otherwise a grower's new batch announcement fails and they'd have to retry. Perhaps there's a different way of doing so in chaincode?
Or does the matching operate outside of the chaincode, listening for updates in the ledger, and instead it calls the API to invoke a chaincode method to transfer the beans from Grower-A to Buyer-B?
My doubt on that though is the matching is then centralized to some trusted provider, rather than validated/endorsed chaincode.
Thanks
I can only hypothesise based on my understanding of Blockchain. IBM's algorithms are not public, so I do not have first hand knowledge.
But from what I know - Yes, all your understanding seem accurate.
Unlike crytocurrency, in physical commodity, the process of 'mining' is subject to availability of the underlying asset. Farmers are like miners and they will have to announce the production of the commodity. This 'announcement' would trigger the match-making process where registered 'buyers' will be matched.
However, just like you I have my doubts on it being fully "chain code" based. Reason for that being the underlying commodity - coffee - is also simultaneously being traded on commodity exchanges and if the "chain code" prices drifts too far from the exchange prices then the marketplace ecosystem would revert back to traditional channels outside of blockchain.
So in a way the commodity exchange is still the "trusted provider" of the pricing match (albeit indirectly).
Like you, I am of the opinion that this implementation creates more questions than solutions.
This video tries to explain some details -> Journey of Coffee on Blockchain
In my opinion, it might works in other way round:
When GROWER-A submits a transaction that they have a new batch of beans ready for shipment, then it is added to a list and it will be triggered when a BUYER-B wants to buy some quantity of bean.
Suppose a BUYER-B wants to buy a new batch of beans(some quantity), then it will trigger the API to invoke a chaincode method to transfer the beans from GROWER-A to BUYER-B.
So from this it can be concluded that, there might be a chance of two chain, chain A for GROWER which will be add on block when GROWER-A wants to submit a bean and remove one block when BUYER-B wants to buy it.
And chain B will be for buyer which will work alternatively.
This video explains the example in detail. Hope it answers some of your questions.
Per this explainer video -
1) Buyer brews a cup of coffee, and hence its stock of coffee beans goes down
2) Buyer buys beans to restock
3) Grower ships beans to the buyer
4) Once the Buyer confirms the receipt of the shipment, grower gets paid
The video also explains:
Coffee beans prices may differ based upon the quality and demand. Quality may be determined by popularity or by a certifying body
All the transactions are governed by Smart Contracts. Each participant in this, say Coffee Business, network - the buyer, the grower, the payment company, the bank, the certifying body, the shipping company, even coffee making machines (read, IoT) - agrees to abide by relevant contract(s)
As far as I know, IBM's Blockchain solution is for Enterprises, and not general public, like Bitcoin Exchange. So, all the enterprises become part of that same network.
I am developing an online ticketing system for events (like concerts). A basic part is a seat chart where the visitors will be presented the available seats/tickets to choose from. Once they make a selection, the system immediately tries to reserve the tickets for 10 minutes (by entering the ticket IDs into a table where ticket ID is key).
Only if the reservation was succesful, a paypal button is presented to make the payment.
All this works fine. Ticket Reservation is not a problem for me. I can handle that in my system. But once paypal comes into the game, things get difficult.
The Problem:
If the user for some reason spends a lot of time in Paypal (more than 10 minutes), the ticket reservation on my website will expire, allowing the tickets to be bought by another visitor, which might happen before visitor 1 makes the payment. Visitor 1 does not see any of this because he is still in paypal... At some point in time, he will manage to make the payment (e.g. after 15 minutes), which will perfectly work because paypal does not know anything about expired reservations.
In the end, I might have two visitors having paid for the same ticket/seat!
How can I prevent that from happening?
How do you handle race conditions if two systems are involved and one of them is out of your control?
My thinking was: Actually a check should be made right before the payment takes place, but of course I don't have control about what happens in paypal!
I know I can use Paypal's IPN and such, but this only happens AFTER payment which is too late.
Alternatively, it would be great if paypal asked me through API to confirm a payment. Then I could say "no" in case the tickets have been sold to someone else. But I don't think this is possible with paypal.
I'd recommend using Express Checkout. Express Checkout allows you to control when the payment happens, because you'll fire off an API call to PayPal to actually process the payment.
The other possibility you can look into is using an authorization instead of a sale transaction. That way, if another buyer takes the seat, you can void the authorization, and the buyer won't get charged. (PayPal will probably charge you for the voided authorization, however.)
One solution as Matt Cole suggested is to use 'authorization' instead of 'sale'.
You can do this by setting 'intent' to 'authorize' instead of 'sale' ({intent: "authorize"}) in your calls to the Paypal API when you're creating a Paypal payment. Once the customer approves the transaction, it is up to you to authorize this transaction by capturing the payment.
I'm implementing a payment system and I'm not sure how to deal with cvv2 codes. Our service offers a two week free trial. We require the user to enter in billing information and we auth their card for $1. Two weeks later we do a separate auth & capture (we can't do a prior_auth_capture because the user can upgrade their plan during their trial). We bill them each month from then on.
How am I supposed to use the cvv2 code in our situation? We're not supposed to store the cvv2 code, so I can only use it with the auth that we initially do. Is it worthing doing this just on the auth still? I don't want the first auth to succeed (because it has the cvv2) and then prior auth + captures to fail because we don't keep it around.
Long story short I'm new at this company and I'm trying to fix their billing problems. International customers in particular are getting payments declined (some, not all). The current system doesn't pass along the name on the card to auth.net nor does it do any sort of address verification, which I suspect is what's giving international customers trouble.
I would think using cvv2 (if it'll work in our situation) and sending the actual name on the card should remedy the issue for international customers. If not then address verification would be the next thing to try? Does this make sense? Sorry if my thoughts are a bit scattered.
Thanks!
Sending the name on the card is useless as it not received nor used by the card processing companies. Also, AVS won't give anyone trouble except for the company who pays the credit card processing bills as their fees will be much higher for not doing it.
With Authorize.Net you should be using their ARB system for recurring payments. Once the subscription is established you don't have to do anything until the subscription runs out or is cancelled. This includes handling CVV and AVS issues. If you choose to use their AIM API for each and every payment then you'll have issues as you'll need to capture the CVV number for every transaction if you wish to perform CVV on those transactions. Of course, CVV is not required to process a transaction, so if you don't submit it the transaction will still go through anyway.
If international card holders are having issues it's more likely because the card is international and higher risk then then AVS or CVV issues. Those two tools are for fraud detection on your end. Not card approval by the processors.
Hi actually this is a simple question but just came up out of the curiosity...
I have seen a web evaluation online tool recently called teqpad.com.I have lots of queries on it
How do they do it?? eg:page views daily visitors etc. without mapping real website??...
Website worth...is this getting any near to any site??
I don't know how do they got daily revenue??
I like traffic by country..it has seen same like in Google analytic s..how they got that info??
another one is ISP info and Google map location of server..
is there any one here done similar scripts?? if so what is your opinion??
They may be tracking user browser stats like Alexa does. (More info on Wikipedia.) A group of users installs a plug-in that reports which sites each user visits, like TV ratings work in most (all?) countries. This method is obviously not very reliable, and often nowhere near the actual numbers of visitors.
This is usually based on bullshit pseudo-scientific calculations and never a viable basis for evaluating the "value" of a web site, even though it may be possible to guesstimate the approximate ad revenues a site yields (see 3) But that is only one revenue stream - it says nothing about how expensive the site's daily maintenance is - servers, staff, content creation....
It should be possible to very roughly estimate daily revenue by taking the guesses on daily visitors/page views, count the frequency with which ads are shown, and look at what those ads usually yield per page view. It is probably pretty easy to get some rough numbers on what an ad view is worth on a big site if you're in the market.
and 5. It is possible to track down most IP addresses down to the visitor's country and sometimes even city. See the Geo targeting article on Wikipedia
In developing a new web service I haven't been able to find very much information on how companies bill for their web services.
Do you bill by request or only certain requests ie) GET or POST?
-would these be tracked at the application or server level?
Do you bill by bandwidth?
-again how would this be tracked on a per user basis
Do you charge a subscription to simply have access?
-this is assuming that they are only granted an api key after payment has been made.
A combination of the above or other options?
Thanks for your help.
As all things in a market economy, the price, but also the inconvenience (or convenience) and risk associated with the actual payment (irrespective of the amount) is a function of how unique and cool and valued your service or product is.
It is therefore impossible to answer the question but in very generic terms, i.e. in the form of suggestions. You actual invoicing model may base on one or several of the following
bill for a one-time setup fee
bill on a subscription basis (i.e. for a defined period, with explicitly defined maximum amounts of usage)
bill for maintenance
bill by the act, i.e. a certain amount (possibly on a decreasing unit price schedule). Such acts should be counted at the server level, (The client-side may include some audit/monitoring/log of sorts, but the server-side should be the authoritative source of info)
bill by volume (for example number of MBytes transfered etc.), this is applicable to services where there is a big variation in the volume of info produced for each "act".
In general, the price and the modality of accounting should seem fair, to both parties, particularly to the buyer, and typically, the simpler the better. The price should not necessarily be low, provided you can make the case that the service provided is effectively valuable, and that you either invested and took risk to introduce the service, or the on-going expenses associated with running the service are evident.
I guess It Depends™ on what the service does. Broadly, I'd say you should bill when you provide some intrinsic value; how you determine what that billing criteria is is quite domain-specific. There may be some property of the service provided which allows you to determine how much to bill.
For example, suppose you've a web service that performs a calculation. You might decide that for every successful computation you do, you're going to charge a fixed fee, say $0.01, but let users off if there's a validation problem, such as an invalid request. Alternatively, if those computations are vaguely long-running, you might have a charging model that's based on some sort of CPU-time metric.
Your point about subscriptions is a good one, and this is an area where you might potentially benefit from allowing a couple of commercial models; one to cater for the users who might perform a lot of requests per month, in which case a fixed subscription might make sense, and one to cater for users who make a few ad-hoc requests. In the latter case, of course, if you only attract those customers, then you're not going to make a good return on investment. Some kind of middle ground, whereby you have a small subscription, but then allow customers to buy a "block" or "bundle" of requests on top without incurring additional processing costs, might work.
Most webservices I know of charge for two things:
Volume of "usage". Generally giving low volumes "free" access (i.e., less than X hits/hour from a given IP address account combination). This is similar to say, twitter which gives you 150 hits/hour to its service from either your username, or unique IP or combination of the two (so you dont abuse it by changing IPs frequently). If you want a higher volume you pay for that access and its usually assigned by account (in twitters case you can get a dev account [for free] which gives you 20K or more hits an hour)
Depth of Details, Access to features. Again free accounts get a minimum amount of access, but dont get access to more data or to more advanced features (filtering, etc). Lots of google services work like this, were base access is given to everyone but if you want more refined abilities (greater search, more data, faster results) you have to buy an account code with the corresponding functionality.
I havent really seen or participated in any projects with pay-for-performance, or pay-per-hit/access models as they get very difficult to reliably bill for and very hard to account for to customers, even if you use tiered or banded ranges. How do you tell your customers how many hits they have used, especially in a distributed system, with redundant fail-over, etc. If I had to pay $0.01 cents per access I would want to know exactly how its measured, and what the company had in place to control access, and how accurate their monitoring was, etc.
Its not impossible, and definitely can be done, and may work well in large bulk scenarios.
Many of the ones I have seen bill by time, such as on a monthly or yearly basis. Some allow you to pay by the month, some require some (or all) of the fee up front. Access might be restricted by issuing a security certificate for the web service that expires when the customer's account expires, or possibly by having them send a client ID and letting the server check if that client ID is allowed to have an answer (but that's open to people stealing someone else's client ID ;) ).
I suppose if you have a service that sends and receives very large amounts of data, it might make sense to bill per service request, but the billing for that could get trickier. Are clients likely to make dozens of requests per day, or just a few? How much to bill per transaction? $100? $0.01? That all would depend on the nature of the service. If you want to go that route, you would probably need to be able to ensure that clients only get billed for requests that are successfully answered (I'd hate to get billed even though my client app failed to receive the entire web service message from your server).
Per request or as a subscription, and yes, bandwidth can be a variable that is used to set the fee. Depends of the value of binding the customer close or having a myriad of loosely coupled customers using it. There is no correct answer to the question that fits all or even most cases.
If I look at the services I have made in the past, the subscription model would be the best model to use. Sometime a tick of $ per request seems like the best approach but I have never had a service configured that way yet.
I agree with what has been said by Rob and Des. One thing to remember is that a subscription is a really simple concept that everyone is used to and comfortable with (if you price it right). If you want to cover a wide audience look at how the payment providers do - they have slightly different methods of payment depending on how many transactions you do per year. There'll be a fixed subscription plus a per-transaction charge and they both vary with the number of transactions. This is the most flexible, but it depends if it makes sense for your business.