Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Saving credit card details to db using AuthorizeNet


davidturetsky

Recommended Posts

Has anyone mod'ed their Authorizenet.php to have the credit card details saved to the db? It is impossible to run a business without being able to have these details to hand for at least the following reasons:

  • Customers adding to their order

Refunds

 

I have tried to add an insert to the authoriznet.php, but cannot get it to work.

 

Any help is appreciated.

Link to comment
Share on other sites

if you are using authorizenet then you can look up the customer cc info in your authorizenet account instead of worrying about all the security you will need to protect cc data on your store

Link to comment
Share on other sites

if you go into your authorizenet account, do a search on the customer, transactions, whatever and view it, it is masked - if you download it to your machine you will get the unmasked version of the data

Link to comment
Share on other sites

That data is masked on the AuthorizeNet site.

 

It is, indeed.

 

You can do a refund by copying the masked info and providing the transaciton reference #.

 

This would be enough is Authorize.Net wasn't the piece big piece of sh*t that it is, with technical support people who've been given more verbal defense than actual technical training, since their software is so substandard and full of bugs. osCommerce is free and about a million times for advanced code-wise than Authnet, and, I'd even say relatively bug free relative to it, too.

 

I just had a 'general processing' error on one transaction, for instance, whereby it shouldn't have gone through since it was an error, and authnet insists it didn't go through, yet the customer was charged (they sent in their statement to prove it!). Authnet can't and won't reverse it, since it doesn't show as a valid charge on their system. (What's worse is that this customer received an over the limit charge for this error, since the customer then went onto place another order the very next day that wasn't errored. So they were double billed for something they could only afford once -- potentially hurting their credit)

 

If I had the credit card details stored, there's some chance I could push through a credit manually. When I used AuthNet years ago on another project (when it was just as bad quality wise, but had a few more features, believe it or not. Authnet isn't one to EVOLVE, apparently), you could do jus that. You didn't have to reference jack diddly to do a refund of any amount you wanted. And nothing was masked, either. You had as much access to credit card numbers as any restaurant does. It was way easier to be customer friendly when you had more info on file, and the system was more flexible. The way it is now, Authnet has more power now than they did then, yet their customer support people are absolutely powerless to actually help. Some are nice enough (and some aren't), but nice enough doesn't get a job done.

 

So I'll have to agree with David here.

 

Having the OPTION to store the CC info would be very much to our benefit and our customers.

 

It would also pave the path to allowing the customre to keep their credit card on file, like you do at any major site such as buy.com, to make re-orders easier. I get asked several times a week why my site doesn't do that (we sell consumables/products you'd order every month or so).

 

It makes sense for a lot of businesses. I think even NewEgg.com, the computer parts vendor, has my CC details on hand for fast reorders. I like it, really. It's a nice *option* to have. And most money making businesses do depend on reorders for profit. Most of us give up our initial profits to customer acquisition (marketing) costs, so it makes sense to make re-ordering as easy and painless as possible. It's nice to break even on initial sales (it's sort of like running a non-profit organization!), but the follow up sales allow re-order dependent business people to buy food, clothes, oxygen, sunlight, all the things we need to grow. Heh :D

 

Anyway, point being here -- Thumbs up to allowing CC details to be stored, and the future possibilities that would allow.

 

Jon

Link to comment
Share on other sites

jon - if you check the contributions section and also search the forum you should be able to find how to capture and save the cc info - do it at your own risk....

 

david - so you have the issue solved now hopefully?

Link to comment
Share on other sites

if you go into your authorizenet account, do a search on the customer, transactions, whatever and view it, it is masked - if you download it to your machine you will get the unmasked version of the data

 

Cool tip! Thank you!!

Link to comment
Share on other sites

jon - if you check the contributions section and also search the forum you should be able to find how to capture and save the cc info - do it at your own risk....

 

Cool! Thanks! I'll check it out. Hopefully such hacks will evolve, too, like everything seems to with osCommerce. osC is so damn great.

 

Actually, come to think of it, when it comes to authnet, not having the CC#, you are at risk. It's an irresponsible organization that insists their software is completely and utterfly bug free. (Too bad I don't think there's better virtual gateways, per se, specially that work sell you eFalcon's (or it HNC?) FraudScore service, which is useful for a worldwide business. The CC processing industry is awfully shady. Either their margins are too low or it's all ex-consin the business, like with ipayments.com)

 

You're also at risk, in a way, if your profitability depends on multiple orders, and reordering is tough. Easy reordering means you can eat that month. :D

 

So the additional risk is outweighed by ameliorating two other more substantial risks.

Link to comment
Share on other sites

IMHO I like it that I dont have to worry about having CC info on my site - OSC stores all the other user info and all the user has to do is enter their CC info to checkout (previous customers that is) - having all the info available on Authorizenet is fine with me, and doing a search and download to get a CC number for a refund is no big deal

 

I agree with the other comments about the CC industry being a rip off - there is no consistent method to check CC's from outside the US, they make their money from chargebacks, etc. etc. etc.

 

can you say leeches?

Link to comment
Share on other sites

Jeff, I am happy to use the AuthorizeNet site to download the details and create another transaction on the virtual terminal. I agree with Jon though that OSC should hold the details and be able to complete a refund transaction as well as an order update transaction.

 

I use the order update tool and aside from the errors with discounts and shipping, the other area I would change is the removal of items and the subsequent change in shipping costs, discount and refunding a credit card (or other payment method). Beefing up this contrib would make OSC a formidable ecommerce tool (among other things).

 

Don't get me wrong, I love OSC. But I have lost some money on shipping and discount errors due to the lack of coherent coding in those areas.

 

It comes back to storage of the cc details:

Refunds

Repeat customers

Customers changing their orders and adding merchandise

 

Thank you all for your help.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...