Reply
Highlighted
Member
Posts: 4
Registered: ‎11-11-2011

CIM - Is it possible to process a transaction without storing the credit card information?

Hi,

I would like to use CIM, but would like to give customers a choice on whether or not to store their credit card information.  If I use CIM to do this, do I need to delete the customer payment profile after each transaction?  In other words, if a customer does not want to store their credit card information, do I have to do these 3 steps each time:

1) createCustomerPaymentProfileRequest

2) createCustomerProfileTransactionRequest

3) deleteCustomerPaymentProfileRequest

 

Or, is there a simpler way to process a credit card transaction using CIM, without storing the customer's credit card information?

 

Thanks,

Jenni

Highlighted
Expert
Posts: 4,525
Registered: ‎03-08-2010

Re: CIM - Is it possible to process a transaction without storing the credit card information?

[ Edited ]

Or use AIM.

Highlighted
Posts: 1,609
Topics: 15
Kudos: 201
Solutions: 121
Registered: ‎06-23-2011

Re: CIM - Is it possible to process a transaction without storing the credit card information?

Why bother telling them their credit card information is being stored? Authorize.net is extremely secure, and the only way their credit card info is going to be hacked is if someone gets into your hosting. If someone gets into your hosting, you're doomed anyway, since the same exact method (adding a few lines of code between your form and the Authorize.net calls) will work regardless of whether you're deleting the profiles afterwards or using AIM or whatever. You're making life much more difficult for yourself for no actual gain in security.

 

The exception, I suppose, would be if you were using hosted CIM to collect the credit card info, but again, I wouldn't worry much about the Authorize.net end of things. As far as the customer is concerned, better not to mention security unless you work in security and your customers are going to be constantly asking about it.

Highlighted
Member
Posts: 4
Registered: ‎11-11-2011

Re: CIM - Is it possible to process a transaction without storing the credit card information?

Thanks for the reponse. 

 

If I go the route of not telling the customer that their credit card information was stored, would this cause a problem if the customer pays again using the same credit card?

 

The next time a customer pays using the same credit card, would authorize.net throw an error when I call createCustomerPaymentProfileRequest with the same credit card that they used previously?

 

Thanks

Jenni

 

Highlighted
Posts: 1,609
Topics: 15
Kudos: 201
Solutions: 121
Registered: ‎06-23-2011

Re: CIM - Is it possible to process a transaction without storing the credit card information?

Yes, however it passes the profile ID back when it does and you can just use that. Fairly easy to test, just run the same credit card through twice and print out the response fields.

Highlighted
Member
Posts: 4
Registered: ‎11-11-2011

Re: CIM - Is it possible to process a transaction without storing the credit card information?

Thanks again for the response..

 

On another thread, it says that only the duplicate Customer Profile ID is passed back, not the duplicate Payment Profile ID:

 

"It does appear that our documentation needs to be updated. Right now, using CIM, you can only get the error code with the duplicate ID for createCustomerProfileRequest, not createCustomerPaymentProfileRequest"

http://community.developer.authorize.net/t5/Integration-and-Testing/CIM-createCustomerPaymentProfile...

 

So you would need to iterate through that customer's Payment Profile IDs to find which is the duplicate and use that one

 

Is that your understanding as well?

 

Thanks a lot

Jenni

Highlighted
Posts: 1,609
Topics: 15
Kudos: 201
Solutions: 121
Registered: ‎06-23-2011

Re: CIM - Is it possible to process a transaction without storing the credit card information?

Well, you could cycle through them and look for a match on the last 4 numbers, I suppose. Would be more convenient to get back a payment profile ID, though, you're right about that. I do notice the post you're referencing is from 2009, perhaps they've added this to the list of things to do since then?