cancel
Showing results for 
Search instead for 
Did you mean: 

Can we Authorize a card using hosted form and charge it using payment transaction charge?

Hello,

 

I've a requirement to integrate Authorize.Net in WPF based application (Desktop Application) written in C#.

I'm able to successfully able to display a accept hosted form in WPF browser which provides an interface to user to input Credit Card information and Authorize some amount. (Remember I'm doing Authorize Only Transaction on Accept hosted form). To Authorize Amount I'm passing a unqiue InvoiceNumber and amount to authorize.Net, invoice number will be unique all the time.

 

Once credit card information inputted and processed on accept hosted form it displays a successful message to me.

 

After closing browser I'm querying Authorize.Net to get unsettled transactions as very next action. Which is giving me a list of all unsettled transactions.

 

I'm identifying "TransId" based on "InvoiceNumber" which is unique in my context and based on "Invoice Number" I'm getting the "TransId' and saving it in my database for further action (Caputre Prior Authorize Transaction")

Now I've some custom work flow in my application once it fulfills then I'm initiating a "PriorAuthorzieCapture" transaction request to Authorize.Net and passing "RefTransId" as "transId" which I saved in previous step to capture previously authorized amount.

 

This is working fine as I'm able to display accept hosted form and then authorizing amount is okay and able to get the transaction Id back to my system and then able to capture amount as well. I just wanted to make sure that is it a appropriate solution for desktop application or not? Unfortunately I don't have a web server where I can create Webhook or some Relay response kind of stuff. So just looking for go ahead as in POC it works well for me, Any comments any suggestion? Or any issue while following this approach?
I'll appreciate if someone can correct me if I'm wrong with understanding.

 

Thanks,

Ammas
Member
3 REPLIES 3

Hello @Ammas

 

Yes, your approach will work.  However, I'm curious why you are using a Hosted Form when the application is running locally?  Are you trying to reduce your PCI Scope or simply didn't want to build your own form?

 

Richard

 

 

RichardH
Administrator Administrator
Administrator

Thanks Richard for getting back to me on it.

 

I'm not 100% sure about PCI scope so that's why avoiding to build any local form on my end which allows user to input credit card information locally on that form and that's the only reason we're stick with using hosted form provide but Authorize.Net.

Building a local form on our end will reduce my lot of headache in this case but again not sure about PCI and if you thing it will not put us under PCI scope then please confirm or suggest. Again thanks for getting back to me on it and I really appreciate your prompt help on it.

 

Thanks,

@Ammas

 

If you are building a desktop application where, for example, an employee collects payment information from the customer and types in the card number on the desktop computer and submits for payment, then you are required to maintain full PCI compliance.  You cannot use a hosted form to lower your PCI DSS Frequirements since all payment data moves across your desktop and network.

 

Richard