
How to process a payment and make it recurring, without ever seeing the credit card number

Our web site sells a product that requires a monthly payment. The one caveat is we want to confirm the first payment went through successfully immediately.

Is there a way to ask for the user's credit card once, charge the card AND set up recurring billing (without asking for the card info again) without the card information coming onto our web servers through a postback?

martin1b
Contributor
7 REPLIES 7

Hi martin1b,

Probably the best way to go about this would be to use the hosted CIM option. With CIM, you store your customers' payment information for use in future transactions, and can run a transaction with the info at any time. So in your case, this would allow your customers to enter their payment information on our servers, store it on our servers and you could then run the first transaction to make sure the payment information is valid and then use the information entered to create an ongoing subscription. This would also help alleviate some PCI touchpoints as the data is being entered and stored on our secure servers instead of yours.

Hope that helps.

Thanks,

Michelle

Developer Community Manager

Michelle
All Star

Hi Michelle,

Thanks for the reply. What about CVV data? I want to require CVV data on the first transaction from the web user. However, when I try to process the payment for the following month when I invoke the payment from the web service, will I need to have the CVV for the payment to go through?

I'm hoping the answer is no because the reason I would go with CIM is to not store that data.

 

Hey there,

So with CIM, when you first set up a payment profile, you can include the CCV code and then set the validationMode field to liveMode. This will run a $0.00 or $0.01 (depending on your processor) transaction that will validate the data. Then you'll know whether the card is good or not. The card code will not be stored in the profile, but since you know it's valid, you can set up the recurring billing with that payment profile and feel good about it. Be sure to check out the CIM guides for more info on validationMode.

Thanks,

Michelle

Developer Community Manager

Updated due to Hosted CIM product.

Note that there are two ways to enter the card data into the CIM "vault":

1) Regular CIM. If you use this, then you'll be in scope for PCI since the regular CIM API requires your sw to send the card details to Auth.net.

2) Hosted CIM. This is quite new (May 2011) from Auth.net. It is designed to let the card holder enter the card details via Auth.net. Using this technique, your sw and server will stay out of the PCI scope.

See: http://www.authorize.net/support/CIM_XML_guide.pdf

MICHELLE: Auth.net should have a video and a demonstration of the User Interface flow of using Hosted CIM. I also cannot find a press release or anything else about Hosted CIM...

 

I'd also recommend CIM. A lot of people use AIM for the initial charge and then ARB for the recurring billing, but ARB is a lot more difficult to implement and manage than CIM.

Just to confirm, I can use CIM to store the information. Then, using CIM SOAP, I can use CreateCustomerProfileTransaction to run a transaction. Since I have the CCV in the payment profile, if I don't want to use ARB, I can use CreateCustomerProfileTransaction through CIM SOAP whenever I want to run a transaction without the CCV.

Correct?

As Michelle said, you use validation mode to verify the CCV when you set up the profile. The CCV isn't stored, but from then on it's unnecessary because it was validated the first time and isn't going to change unless the card changes. You can charge the profile whenever you want using CreateCustomerProfileTransaction. Can't give you specifics on SOAP, because I'm using the PHP interface myself.
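
The recurring charge discussed in this thread, as an added example that is not code from any poster or from Authorize.Net: it builds the XML form of a createCustomerProfileTransaction request that references the stored profile by ID only, and adds a guard that rejects any outbound payload carrying card elements or a card-number-like value. Element names are taken from the CIM XML API and should be checked against the guide linked above; the login, key and profile IDs are constructed placeholders, and `carries_card_data` is a hypothetical helper.

```python
import re
import xml.etree.ElementTree as ET
from decimal import Decimal

NS = "AnetApi/xml/v1/schema/AnetApiSchema.xsd"
# Elements that would put cardholder data back on the merchant server.
CARD_ELEMENTS = {"cardNumber", "cardCode", "expirationDate", "creditCard"}

def build_profile_charge(login, key, profile_id, payment_profile_id, amount):
    """Build a charge against a stored CIM profile: IDs only, no PAN, no card code."""
    if not (str(profile_id).isdigit() and str(payment_profile_id).isdigit()):
        raise ValueError("profile IDs must be numeric")
    amount = Decimal(str(amount)).quantize(Decimal("0.01"))
    if amount <= 0:
        raise ValueError("amount must be positive")
    root = ET.Element("createCustomerProfileTransactionRequest", xmlns=NS)
    auth = ET.SubElement(root, "merchantAuthentication")
    ET.SubElement(auth, "name").text = login
    ET.SubElement(auth, "transactionKey").text = key
    txn = ET.SubElement(ET.SubElement(root, "transaction"), "profileTransAuthCapture")
    ET.SubElement(txn, "amount").text = str(amount)
    ET.SubElement(txn, "customerProfileId").text = str(profile_id)
    ET.SubElement(txn, "customerPaymentProfileId").text = str(payment_profile_id)
    return ET.tostring(root, encoding="utf-8")

def luhn_ok(digits):
    """Luhn checksum, used to tell a likely card number from an ordinary ID."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def carries_card_data(xml_bytes):
    """True if the payload has a card element or a Luhn-valid 13-19 digit run."""
    for el in ET.fromstring(xml_bytes).iter():
        if el.tag.split("}")[-1] in CARD_ELEMENTS:
            return True
        text = (el.text or "").replace(" ", "").replace("-", "")
        if any(luhn_ok(run) for run in re.findall(r"\d{13,19}", text)):
            return True
    return False

if __name__ == "__main__":
    # Constructed placeholder credentials and profile IDs.
    req = build_profile_charge("LOGIN_PLACEHOLDER", "KEY_PLACEHOLDER", 10000, 20000, "29.99")
    print(req.decode(), "card data present:", carries_card_data(req))
```

Running the guard on every request the server sends, and on request logs, gives a cheap regression check that a later code change has not reintroduced card data on the merchant side.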