cancel
Showing results for 
Search instead for 
Did you mean: 

Authorize.net (Sandbox) is letting me save Incorrect Credit card numbers in the Payment Profile

First of all, I am using a Sandbox account for testing.

 

I can successfully create a Customer Profile as well as a Payment Profile. 

 

The problem is that while I can add 4111 1111 1111 1111 in the payment profile, I can also add incorrect card numbers in the payment profile using my code.

 

I am using

  1. http://developer.authorize.net/api/reference/index.html#customer-profiles-create-customer-profile
  2. http://developer.authorize.net/api/reference/index.html#customer-profiles-create-customer-payment-pr...

 

I am expecting a function from Authorize.net which should return an error message like "Your Credit card number is incorrect."

 

Kindly assist me with htis issue. 

 

Thanks

8 REPLIES 8

Hi @muhammadxumerz,

 

Can you give me an example of what you mean by a card number that's incorrect?

 

Just in case you weren't aware, the sandbox doesn't actual validation of card numbers. It will simulate validation if you ask for that operation to be performed during profile creation, but it's not actually connecting to the cardholder's bank to charge the card.

 

The simulated validation will show any potentially valid card number as approved. Any potentially valid card number means any card number that fits the format of a valid card (i.e. number of digits and correct starting digits) and passed the Luhn Mod 10 validation check.

Aaron
All Star

Additionally, if you want to simulate declines in the sandbox, there are specific triggers you can use, as detailed in our Testing Guide.

Hi

 

I am also expecting the same behaviour in sandbox using LIVE mode. Is there anything that I can check to validate credit card?

 

Any API that do not let customer create profile but validate credit cards on runtime? Just stripe does in the similar way.

 

Please reply.

webitdev2015
Member

Hi @webitdev2015,

 

Can you please clarify what you're looking to do? Are you looking to send a credit card number and have our system respond with whether that credit card number matches a valid account and is valid for payment?

 

If so, that's an actual card transaction that can't be done on a free sandbox account. That actually requires communication with the cardholder's bank over the card processing networks. That's what a production account is for.

 

A sandbox account is for developer testing. You can't charge a card with a sandbox account, and neither can you just authorize a card using a sandbox account.

 

If you're wondering how to authorize a card using a paid production account with creating a profile, that's essentially the "Authorize a Credit Card" section of our documentation.

 

If you're wondering how to authorize and charge the card, see the "Charge a Credit Card" section of the documentation.

Hi @Aaron,

 

Thanks for your kind reply.

 

Let me explain you the scenrio. My requirement is something like that:

 

User A come to my website and start signing up using registeration. At the end of form there is boxes for credit card fields.

 

What I need to do is, if user credit card fails in my system ( from authorize.net - by performing some api calls ) I will not let him signing up on my website not user's account should automatically created on Authorize.net side.

 

considering you first comments:

 

"Are you looking to send a credit card number and have our system respond with whether that credit card number matches a valid account and is valid for payment?"

 

Yes, this is what I am looking for. You are right in saying that.

 

Ok - considering your comments, it makesa lot of sense but how then it will work in Production?

 

As I am not charging customer but I simply wants to save his credit card in authorize.net. It will include new customer profile creation, new payment profile creation but before doing create operations I just want to see whether the card is valid or not. If valid I will do "new customer profile creation, new payment profile creation" else I will not let him do anything like that by saying your card is blah blah errors.

 

Could you please suggest? How exactly I can achieve this?

 

Thanks again Sir.

 

 

Hi @webitdev2015,

 

Have a look through our Customer Profiles API examples. With any of the Customer Profile creation calls, you can include the validationMode parameter. When set to liveMode, it will perform a live validation (on production, and a simulated one on sandbox). If the validation transaction is declined, the profile will not be created.

 

So, for your workflow, ask for the card number, do a Create Customer Profile call with that card number and validationMode set to liveMode, and if the card's no good, the profile will not be created.

 

To test the scenario of a card not being good in sandbox, you can simulate declines using the triggers described in our Testing Guide.

 

Hi @Aaron,

 

Thanks for such a massive help. Means a lot to me.

 

Ok - I have used the below sniept to start over what you have directed me in previous reply.

 

Currently I am doing something like below:

 

def confirm
    request = AuthorizeNet::API::CreateCustomerProfileRequest.new
    payment = AuthorizeNet::API::PaymentType.new(AuthorizeNet::API::CreditCardType.new('4111111111111111', '2020-05'))
    profile = AuthorizeNet::API::CustomerPaymentProfileType.new(nil, nil, payment, nil, nil)
    request.profile = AuthorizeNet::API::CustomerProfileType.new('jdoe'+rand(10000).to_s, 'John2 Doe', rand(10000).to_s + '@mail.com', [profile], nil)

    response = make_connection_to_api.create_customer_profile(request)

    if response.messages.resultCode == AuthorizeNet::API::MessageTypeEnum::Ok
      puts "Successfully created a customer profile with id:  #{response.customerProfileId}"
      puts "Customer Payment Profile Id List:"
      response.customerPaymentProfileIdList.numericString.each do |id|
        puts id
      end
      puts "Customer Shipping Address Id List:"
      response.customerShippingAddressIdList.numericString.each do |id|
        puts id
      end
    else
      puts response.messages.messages[0].text
      puts "Failed to create a new customer profile."
    end
    puts response.inspect
end

def make_connection_to_api
    AuthorizeNet::API::Transaction.new(API_LOGIN, API_KEY, :gateway => :sandbox)
  end

But for some reasons it is saying:

 

The element 'paymentProfiles' in namespace 'AnetApi/xml/v1/schema/AnetApiSchema.xsd' cannot contain text. List of possible elements expected: 'customerType, billTo, payment, driversLicense, taxId, defaultPaymentProfile' in namespace 'AnetApi/xml/v1/schema/AnetApiSchema.xsd'.
Failed to create a new customer profile.

 

Could you please review what's exactly I am making mistake here? - Thanks.

Hi @Aaron,

 

I tried out couple of other options to get this done but it seems like something is still missing on documentation end or obviously on mine too.

 

I tried out sample here:

 

https://developer.authorize.net/api/reference/index.html#customer-profiles-create-customer-profile

 

but it seems like its working on developer.authorize.net but not on mine. :)

 

Its the something that will work for me but couldn't catch the error as of yet.