Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls

Possible bug in X-Payments integration with Authorize.net CIM
 
Reply
   X-Cart forums > X-Payments > X-Payments issues & questions
 
Thread Tools
  #1  
Old 09-14-2015, 06:29 AM
  finestshops's Avatar 
finestshops finestshops is offline
 

eXpert
  
Join Date: Oct 2002
Location: Toronto, Canada
Posts: 330
 

Default Possible bug in X-Payments integration with Authorize.net CIM

Hi guys,

Does anybody use Authorize.net CIM with X-Payments? Our client set CVV as required in Authorize.net CIM on Authorize.net side and now all orders are getting declined even though CVV is entered during checkout.

Order declined.
Reason: Card Code is required.

but we checked log with request sent to Authorize.net and it has cardCode submitted to Authorize.net

<payment>
<creditCard>
<cardNumber>****************</cardNumber>
<expirationDate>*******</expirationDate>
<cardCode>***</cardCode>
</creditCard>
</payment>

Any ideas why Authorize.net is not getting this card code?
__________________
Best regards,

Anton Pachkine
FinestShops.com - E-Commerce Conversion Optimization and Management
X-cart premium hosting, tech. support, customizations and 24/7 pro-active store performance monitoring in US, UK and Australia
Reply With Quote
  #2  
Old 09-14-2015, 11:45 PM
  random's Avatar 
random random is offline
Advanced Staff Users
 

X-Cart team
  
Join Date: Dec 2008
Posts: 79
 

Default Re: Possible bug in X-Payments integration with Authorize.net CIM

Quote:
Originally Posted by finestshops
Hi guys,

Does anybody use Authorize.net CIM with X-Payments? Our client set CVV as required in Authorize.net CIM on Authorize.net side and now all orders are getting declined even though CVV is entered during checkout.

Order declined.
Reason: Card Code is required.

but we checked log with request sent to Authorize.net and it has cardCode submitted to Authorize.net

<payment>
<creditCard>
<cardNumber>****************</cardNumber>
<expirationDate>*******</expirationDate>
<cardCode>***</cardCode>
</creditCard>
</payment>

Any ideas why Authorize.net is not getting this card code?

Hi, your client should not set CVV as required in the gateway settings since the same check is made by X-Payments itself.
Please see the following article for details:
http://help.x-cart.com/index.php?title=X-Payments:Tokenization_and_Re-Use_of_Saved_Credit_Cards_(X-Payment..._by_Intuit_Inc
__________________
Sincerely yours,
Vladimir Petrov
Senior X-Payments Developer
Reply With Quote
  #3  
Old 09-15-2015, 04:57 AM
  finestshops's Avatar 
finestshops finestshops is offline
 

eXpert
  
Join Date: Oct 2002
Location: Toronto, Canada
Posts: 330
 

Default Re: Possible bug in X-Payments integration with Authorize.net CIM

Thanks, Vladimir. but, unfortunately, right now Authorize.net is rejecting even the first transaction (not when saved card is used) when cvv is entered and sent to Authorize.net (according to the log) with "Card Code is required" error. It looks like x-payment is not sending CVV to Authorize.net in correct format when CIM method is used so Authorize.net does not see CVV in the transaction.

it works if we disable CVV requirement on Authorize.net side but in this case even first transaction on the card is not being checked for correct CVV and client just got over $2500 worth of fraud orders yesterday because CVV was not checked.

any solution for this?
__________________
Best regards,

Anton Pachkine
FinestShops.com - E-Commerce Conversion Optimization and Management
X-cart premium hosting, tech. support, customizations and 24/7 pro-active store performance monitoring in US, UK and Australia
Reply With Quote
  #4  
Old 09-15-2015, 05:23 AM
  random's Avatar 
random random is offline
Advanced Staff Users
 

X-Cart team
  
Join Date: Dec 2008
Posts: 79
 

Default Re: Possible bug in X-Payments integration with Authorize.net CIM

Authorize.net CIM integration presumes that for each non-subsequent payment it does two steps: creates a payment token and then pays using it.
So, even for "first" payment it saves a card and then use its token to pay.
The mentioned issue appears on that second action performed during the single payment process - it uses a token but doesn't provide CVV again and this fails according to the merchant account setup.

So, you need to setup the merchant account so that it will decline incorrect CVV, but still accept payments without CVV at all. Please don't worry about payments without CVV because X-Payments doesn't let the payment without it. But Authorize.net still should check that CVV is valid.
__________________
Sincerely yours,
Vladimir Petrov
Senior X-Payments Developer
Reply With Quote

The following user thanks random for this useful post:
finestshops (09-15-2015)
  #5  
Old 09-15-2015, 11:55 AM
  finestshops's Avatar 
finestshops finestshops is offline
 

eXpert
  
Join Date: Oct 2002
Location: Toronto, Canada
Posts: 330
 

Default Re: Possible bug in X-Payments integration with Authorize.net CIM

thanks, Vladimir. that makes sense. we'll try to set up authorize.net this way.
__________________
Best regards,

Anton Pachkine
FinestShops.com - E-Commerce Conversion Optimization and Management
X-cart premium hosting, tech. support, customizations and 24/7 pro-active store performance monitoring in US, UK and Australia
Reply With Quote
  #6  
Old 09-16-2015, 03:43 AM
  finestshops's Avatar 
finestshops finestshops is offline
 

eXpert
  
Join Date: Oct 2002
Location: Toronto, Canada
Posts: 330
 

Default Re: Possible bug in X-Payments integration with Authorize.net CIM

Vladimir,

This did not help. According to Authorize.net, X-Payments is not passing the CVV to them at all, not even when card is used for the first time.
We do see it in <cardCode>***</cardCode> but Authorize.net is not getting it or getting it in incorrect format. Maybe it has to be in a different format but the root of this issue is with cardcode not getting to Authorize.net at all.
can you check integration documentation to make sure you are sending cardCode properly to them?
__________________
Best regards,

Anton Pachkine
FinestShops.com - E-Commerce Conversion Optimization and Management
X-cart premium hosting, tech. support, customizations and 24/7 pro-active store performance monitoring in US, UK and Australia
Reply With Quote
  #7  
Old 09-16-2015, 06:30 AM
  finestshops's Avatar 
finestshops finestshops is offline
 

eXpert
  
Join Date: Oct 2002
Location: Toronto, Canada
Posts: 330
 

Default Re: Possible bug in X-Payments integration with Authorize.net CIM

Vladimir,

Your CIM integration in X-Payments is done incorrectly.
tech support at Authorize.net identified the problem.

If a CIM profile for the customer exists, then the CVV result code will always come back as "not applicable."

Auth.net believes that X-Payment is creating the CIM profile first, then drawing a transaction against that profile.
which is confirmed by your statement in previous post : " even for "first" payment it saves a card and then use its token to pay."
This will not allow merchant to check CVV causing lots of fraud charges

X-Payments has to submit transaction first, then create the CIM profile.
for $1500 you want for x-payments, would be nice to have integration done properly at least with the largest and most popular payment gateway

Can we expect this to be fixed in the near future?
__________________
Best regards,

Anton Pachkine
FinestShops.com - E-Commerce Conversion Optimization and Management
X-cart premium hosting, tech. support, customizations and 24/7 pro-active store performance monitoring in US, UK and Australia
Reply With Quote
  #8  
Old 09-16-2015, 11:54 PM
  random's Avatar 
random random is offline
Advanced Staff Users
 

X-Cart team
  
Join Date: Dec 2008
Posts: 79
 

Default Re: Possible bug in X-Payments integration with Authorize.net CIM

Quote:
Originally Posted by finestshops
Vladimir,

Your CIM integration in X-Payments is done incorrectly.
tech support at Authorize.net identified the problem.

If a CIM profile for the customer exists, then the CVV result code will always come back as "not applicable."

Auth.net believes that X-Payment is creating the CIM profile first, then drawing a transaction against that profile.
which is confirmed by your statement in previous post : " even for "first" payment it saves a card and then use its token to pay."
This will not allow merchant to check CVV causing lots of fraud charges

X-Payments has to submit transaction first, then create the CIM profile.
for $1500 you want for x-payments, would be nice to have integration done properly at least with the largest and most popular payment gateway

Can we expect this to be fixed in the near future?

Authorize.net CIM API allows both ways (place transaction + create profile from it OR create profile + place transaction using it) so we can't say that the integration is done incorrectly.
However, since it causes some issues for you we'll consider to change the behavior in a next release.
__________________
Sincerely yours,
Vladimir Petrov
Senior X-Payments Developer
Reply With Quote
Reply
   X-Cart forums > X-Payments > X-Payments issues & questions


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 08:46 AM.

   

 
X-Cart forums © 2001-2018