
how to validate name on credit card

 

We're currently using CIM and AIM. I would like to know, what is the best way to validate that the first and last name provided by the customer exactly matches the first and last name associated with the credit card? We actually did a test in production and, to our surprise, we could enter a fake name and Auth.net still authorized the transaction. For our particular application, since we do not want to allow multiple customer accounts using the same name and billing address information associated with a particular credit card (for fraud reasons), we need to verify that the name they provided exactly matches the name on the card. Is there a way to do this using AIM/CIM? I looked into AVS but that seems to only validate the billing address, but we need name matching as well.

 

jonjon29
Member
2 REPLIES

You can't. It isn't sent over to the credit card processor for verification nor is there any way to verify it.


-------------------------------------------------------------------------------------------------------------------------------------------
John Conde :: Certified Authorize.Net Developer (Brainyminds) :: Official Authorize.Net Blogger

stymiee
Expert

The name on the card is really unimportant. It's very easy to get someone's name, therefore the only items that really matter from a security standpoint are the card number, expiration date, and perhaps billing address (if you're using AVS). What's wrong with ignoring name and just checking for duplicate address / credit card? It ought to be ok to store a one-way hash (perhaps MD5) of the credit card number and billing address / zip code - it can't be reversed, and you can use it to check if anything new matches what's already in your database. The PCI DSS level of a fully-hashed credit card number is equal to or lower than that of AIM or CIM, so it won't increase your security requirements.

TJPride
Expert
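
An added example (not part of the thread and not Authorize.Net code) of the duplicate check suggested in the reply above. It fingerprints the card number plus billing address with HMAC-SHA-256 under a secret key rather than a bare MD5, because an unkeyed hash of a card number can be recovered by enumerating candidate numbers. The key, the normalization rules and all names here are assumptions.

```python
import hashlib
import hmac
import re

# Assumption: demo key only; load the real one from a secrets manager.
FINGERPRINT_KEY = b"constructed-demo-key"


def luhn_ok(pan: str) -> bool:
    """Luhn checksum, so mistyped numbers never get a fingerprint."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def normalize(card_number: str, street: str, zip_code: str) -> bytes:
    """Canonical form so formatting differences cannot hide a duplicate."""
    pan = re.sub(r"[ -]", "", card_number)
    if not re.fullmatch(r"[0-9]{12,19}", pan) or not luhn_ok(pan):
        raise ValueError("invalid card number")
    street_n = re.sub(r"[^a-z0-9]+", " ", street.lower()).strip()
    # Assumption: US-style ZIP; ZIP+4 is reduced to its first five characters.
    zip_n = re.sub(r"[^A-Za-z0-9]", "", zip_code).upper()[:5]
    # The unit separator keeps field boundaries unambiguous.
    return "\x1f".join((pan, street_n, zip_n)).encode()


def fingerprint(card_number, street, zip_code, key=FINGERPRINT_KEY) -> str:
    """Keyed one-way fingerprint; store this instead of the card number."""
    msg = normalize(card_number, street, zip_code)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class DuplicateCardRegistry:
    """In-memory stand-in for a table with a UNIQUE index on the fingerprint."""

    def __init__(self):
        self._owner = {}

    def register(self, account_id, card_number, street, zip_code) -> bool:
        """True if the card/address is new or already owned by this account."""
        fp = fingerprint(card_number, street, zip_code)
        return self._owner.setdefault(fp, account_id) == account_id
```

`register` returns `False` when a second account presents a card and billing address that already belong to another account, which is the signal to reject or review the signup.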