I'm implementing a payment system and I'm not sure how to deal with cvv2 codes. Our service offers a two week free trial. We require the user to enter in billing information and we auth their card for $1. Two weeks later we do a separate auth & capture (we can't do a prior_auth_capture because the user can upgrade their plan during their trial). We bill them each month from then on.
How am I supposed to use the cvv2 code in our situation? We're not supposed to store the cvv2 code, so I can only use it with the auth that we initially do. Is it worthing doing this just on the auth still? I don't want the first auth to succeed (because it has the cvv2) and then prior auth + captures to fail because we don't keep it around.
Long story short I'm new at this company and I'm trying to fix their billing problems. International customers in particular are getting payments declined (some, not all). The current system doesn't pass along the name on the card to auth.net nor does it do any sort of address verification, which I suspect is what's giving international customers trouble.
I would think using cvv2 (if it'll work in our situation) and sending the actual name on the card should remedy the issue for international customers. If not then address verification would be the next thing to try? Does this make sense? Sorry if my thoughts are a bit scattered.
Thanks!
Sending the name on the card is useless as it not received nor used by the card processing companies. Also, AVS won't give anyone trouble except for the company who pays the credit card processing bills as their fees will be much higher for not doing it.
With Authorize.Net you should be using their ARB system for recurring payments. Once the subscription is established you don't have to do anything until the subscription runs out or is cancelled. This includes handling CVV and AVS issues. If you choose to use their AIM API for each and every payment then you'll have issues as you'll need to capture the CVV number for every transaction if you wish to perform CVV on those transactions. Of course, CVV is not required to process a transaction, so if you don't submit it the transaction will still go through anyway.
If international card holders are having issues it's more likely because the card is international and higher risk then then AVS or CVV issues. Those two tools are for fraud detection on your end. Not card approval by the processors.
Related
Goal: Allow a user on my website to pay another user(merchant) for a service via either PayPal or Stripe. I would like to take a percentage of the purchase amount and the remaining percentage would go to the merchants account.
I've successfully added both Stripe and PayPal to my Django app, and successfully integrated a payment portal, but the default use-case appears to be for the user to send a payment to owner of the website (owner of the paypal/stripe account) via a client ID. For paypal, I figured out how to specify the payee as the merchant, rather than myself, but there is still not a clear way to split the payment. I would not like to accept 100% of the payment and then pay the merchant. The only payment I should receive is the percent of the payment at the time of the transaction..
Is it possible to implement this type of payment schema through Stripe Merchant onboarding? The only route to achieve this through paypal as far as I can tell is PayPal partnership (paypal marketplace), which is for larger businesses.
Split funds from a single charge between different sellers using Connect
Connect
Stripe does not support the splitting of funds from a single charge
among multiple sellers for compliance reasons. As a platform using
Connect, you will need to ensure that there is still a one-to-one
relationship between a charge and one of your connected accounts.
PayPal User Agreement
4.5 No Surcharges. You agree that you will not impose a surcharge or any other fee for accepting PayPal as a payment method. You may charge
a handling fee in connection with the sale of goods or services, as
long as the handling fee does not operate as a surcharge and is not
higher than the handling fee you charge for non-PayPal transactions.
You will have to be the middleman and take payment, split it and then send the rest to the paypal user or make two charges, 1. The cost 2. Your fee.
The only route to achieve this through PayPal as far as I can tell is PayPal partnership (paypal marketplace), which is for larger businesses.
That's correct. Without that type of partnership, you would need to accept the whole payment and use something like Payouts, which of obviously does not meet your requirement of only accepting some percent.
(There was a very old way to do it -- Adaptive Payments Chained Payments, but you can forget it ever existed; no longer ever available)
I suppose, technically, the deprecated EC Parallel Payments is still open and "usable", but that's an observable split and designed for use cases like paying for a Hotel and Airfaire at once. Really not good for marketplace use, and it's also quite old and may go away soon due to that deprecation. I would not recommend using it for anything, much less marketplaces -- just covering the bases.
I'm building a website to allow people to donate to a local charity quickly and easily. The charity allows direct donations, but it's primary function is to do "per mile" style donations, but with pull ups. In that past, they have collected the pledges ("I'll pay $1 per pull up"), then manual contacted people for payment after the event. This isn't very slick and very time consuming.
What I'd like to be able to do is collect a pledge and payment information, then charge people automatically after the event. From what I've seen, I should put a hold/authorization on their account, then capture it with the appropriate amount after the event. But reauthorizing will only allow up to 115% of the original, and I can't very well just authorize a large amount and let it sit for two months before reauthorizing and capturing it.
I know this can be done, but I haven't messed with this side of things before, and the REST API from paypal doesn't have an obvious solution. Is there something I'm missing? Should I be going about this a different way?
You can use reference transactions. I would recommend sticking with the Classic API for now, though. REST isn't as mature yet and doesn't have all the same functionality quite yet.
So in the classic API you would use Express Checkout and/or Payments Pro. You can process an original authorization and then simply void it, or use the card verification process with Payments Pro.
You won't need to capture an original amount, so you won't need to worry about the 115% cap on the capture.
Instead, you'll use the DoReferenceTransaction API to process any amount you need to at any time from that user's account account.
With Express Checkout you have to be sure to include a billing agreement in the setup. This guide outlines that whole process.
With Payments Pro you just do the original card verification / auth and then pass that auth ID into the DoReferenceTransaction API.
In either case, if you're working with PHP this PayPal PHP SDK will make all of the API calls very quick and easy for you.
We are using Authorize.NET (AIM + CIM) to process credit cards. Recently I noticed that we are getting many declined payments in transaction log. Most of them are with status "decliner by issuer", which means we don't have any specific information about why transactions are declined. I know there can be various reasons for that, and in many cases the problem lies on customer's end, but my intention is to eliminate any problem on our side and make it work as smooth as possible. In addition, my attention is brought to the fact that some people told us that their banks treated our transactions as suspicious and declined them. I want to check whether we have any problem on our end. Here are the questions I have:
Were there any changes made recently in the banking systems that may cause more transactions to be declined? Are there any known changes in bank policies or technical stuff that affect transaction status (declined or authorized)?
When user purchases a product or signs up for our services, before processing a real payment, we submit $1 transaction to validate his credit card. Then if it is authorized successfully, we void it, save his data in CIM profile and process further payments (on recurring schedule until user unsubscribes from our services). The question is can it make problems by looking suspicious for banks? Is this an acceptable way of handling payments or we should avoid it for some reason?
Is there any documentation or article specifically on the subject of getting as much successful transactions as possible, minimizing declined transactions and eliminating risk of transactions looking suspicious to banks?
We integrated Authorize.NET into our systems about 4 years ago. The code runs normal, but is there anything that is outdated / changed / improved that should be caught up by our code in terms of getting as much successful transactions as possible?
Do you have a high chargeback rate? If that's the case, some issuers may have flagged you as a suspicious merchant.
A few others points that may have an influence:
in which country are you based, and in which countries are your customers? Some banks tend to flag whole countries in their scoring algorithms.
likewise, what's your activity?
do you use 3D Secure (Verified by Visa and the like)?
do you do all the address verification etc.?
Do you get the declines on the initial authorisation, or on subsequent ones?
Also, I suppose the $1 transaction is just an authorisation, right?
Have you tried to see if the declines come from specific issuers (recognisable from the first 4 to 6 digits)?
I'm integrating with Authorize.net's ARB API. Authorize.net processes their transactions at a certain time everyday, so when people create a subscription, their transaction is not real time.
I am creating a subscription based model, does their API tell me whether their CC has been processed? Or should I put a delay on the access to my site until they have processed all the ARB transactions that day.
Thanks in advance!
You should be charging their first subscription payment via the AIM API. This will give you instant feedback as to whether or not the payment was good. Assuming it was successful you then can use ARB to create their subscription by setting the start date to be the date of their next scheduled payment.
This serves two purposes:
If the card is bad you know immediately and can have the user provide a new card while they are still on your website. Once they leave your site it gets much more difficult to get them back to correct it.
You can give them instant access without worrying about whether or not their card is approved or not.
FYI, you can use Silent Post to determine the status of payments made via ARB.
I've been tasked with setting up a society's website. I'm a full time Django (at al) web developer so I was happy to take on the task.
Going through the specs, they want to control memberships so that all applications need a "second" (read: sponsor, referee, etc) and then they need to pay a subscription fee to be part of the club.
This club has a number of events with variable ticket prices for lunches and talks to name two. Only members are allowed to see the price per ticket and therefore only members are allowed to buy the tickets.
I had originally planned on farming the event management off to EventBrite and pulling the upcoming events back to the website through EB's API but this members-only constraint looks like something EventBrite can't do.
Then there's processing members subscriptions. I had hoped to allow anybody to register a django.contrib.auth account but leave subscription payment offline but the client would be happier if they could mark accounts as "members", store the subscription data in the database and let the members pay online.
Like with EventBrite, I was hoping I could store rough membership data (whether or not they're allowed to subscribe, a unique token for the user on the API service, their level of membership and their membership's expiry) and there'd be something I could post users off to to process their subscription payment.
I basically don't want to touch any payment systems. Even something as simple as Paypal+IPN is something I'd rather not do (I can and have in the past on other projects) but it's the layer of management that I'd have to build around it (messaging members, creating recurring events, etc) that I'd like to farm out to a third party... Even if they do want an additional percent of the payments processed.
Do any of you know any suitable APIs that cover membership or events or both?
Or is this so complex that I should give up hoping for external help and just knuckle down and do it myself?
I think the google search you are looking for is online membership management. I don't know if any of them play particularly nicely with Django/python, but some of them do include APIs. Almost all of these are companies that charge, either for the system, or on a per-user basis.
If you don't mind installing something yourself, CiviCRM is a free, open source solution that I found with a bit of googling. It's integrates with either Joomla or Drupal (so probably PHP-based). You'd have to put the payment processing in yourself, but it does support payments using PayPal which would take handling payments mostly out of the equation. If you can, choose PayPal Express rather than PayPal Website Payments Pro since you may need to be PCI-DSS compliant to use the latter.