Reply
Highlighted
Contributor
Posts: 12
Registered: ‎05-09-2012

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

Confirmed, this also effects the iFrame and iFrame popup versions of CIM.  So essentially Authoize.net offers NO methods for creating a CIM entry with Payment informatino without additional cost of processing a $0 transaction.  That is bait and switch in the State of Washington.  They do not disclose the added cost anywhere in any of their documentation or customer agreements.  I will be forwarding to the state attorney general.

Highlighted
Contributor
Posts: 12
Registered: ‎05-09-2012

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

I would encourage everyone to file a complaint with the BBB against Authorize.net for failure to dislose the mandatory "ValidateCustomerPaymentProfile" call that charges us a transaction fee when we use any of the hosted CIM solutions even though their documentation states we should be able to turn it off and we were never notified of this mandatory fee nor was it disclosed in our service contract.  (It's easy to do, just go to authorize.net and click on the BBB icon at the bottom of the page.) Additionally, please file the same complaint with your State Attorney General and their Consumer Affairs division.

 

My complaints read like this and you are welcome to copy/paste in your complaints:

 

Authorize.Net collects $0.05 to $0.10 per processed transaction that a merchant submits.  Those amounts are negotiated and included in your contract when beginning service.  However, Authorize.Net fails to disclose that many of the API (Application Programming Interfaces) require a Mandatory transaction called "ValidateCustomerPaymentProfile" when a merchant simply saves a customer profile or updates their payment information.  This mandatory transaction is charged at the same rate as a normal transaction but the transaction is usually not desired and not necessary.  For instance, when a customer wants to update their credit card expiration date, this "ValidateCustomerPaymentProfile" transaction is required -- thus we are charged a fee just to change the expiration date of someone's credit card.  We are charged the fee to simply record a credit card number onto the customer's profile, update their card, update their name on the card, etc.  We as merchants were misled because this mandatory transaction is not listed in the API documentation or on the service contract.  In fact, we are explicitly told that we can control whether or not a "ValidateCustomerPaymentProfile" transaction occurs by submitting certain configuration parameters as described in the section "Field Validation and Test Mode" on page 16 of the Merchant Web Services API Customer Information Manager (CIM) XML Guide found at http://www.authorize.net/support/CIM_XML_guide.pdf   Most merchants would submit "none" as the validation option so that the "ValidateCustomerPaymentProfile" is not run and we are not charged.  However, Authorize.Net, does not even follow it's own documentation and requires that all hosted CIM pages automatically run the "ValidateCustomerPaymentProfile" thus charging merchants for another transaction that we don't want, didn't sign up for, was not disclosed in our service agreement, and was not disclosed in the API documentation.

Many developers/merchants are complaining about this failure to disclose fees and mandatory transaction:
http://community.developer.authorize.net/t5/Integration-and-Testing/Hosted-CIM-validationMode-set-to...

 

My suggested solution:

 

All merchants affected by this problem should receive refunds for all "validation" fees that occurred as a result of adding a new customer payment record. All future fees should be refunded until the validation requirement has been removed and customers can opt-out of the validation as documented in their integration documentation. All customer agreements should be updated to show this mandatory fee. Advertising should be updated to reflect this mandatory fee.

 

Highlighted
Expert
Posts: 4,525
Registered: ‎03-08-2010

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

Sign Up for Customer Information Manager (CIM)

Value-Adding Service Terms and Conditions

 

In order for You to enroll and use an Authorize.Net Value-Adding Service (VAS), You must first agree to the terms and conditions set forth below. By clicking on the "I AGREE" button, or by using a VAS, You acknowledge and agree that You have reviewed and understand the VAS terms and conditions. If You do not agree or are not willing to be bound by the VAS terms and conditions, do not click on the "I AGREE" button and do not seek to obtain or continue using the Value-Adding Services

1. Expansion of Services. The terms "Services" and "Authorize.Net Services," as each is defined in the Agreement, shall include each of the Value-Adding Services. Each Value-Adding Service is described on the Authorize.Net Web site and in other Services Documentation provided to You from time to time. All terms of the Agreement applicable to the Authorize.Net Services shall be applicable to each Value-Adding Service.

2. Your Obligations. In addition to Your obligations set forth in the Agreement, You agree to pay the Value-Adding Service Fees, in accordance with Section 6 of the Agreement, in the amounts provided in the Fee Schedule located in the Merchant Interface and/or in the Value-Adding Service documentation page accessed during enrollment in the applicable Value-Adding Service. By checking the "I ACCEPT" button next to a Value-Adding Service Fee schedule, You acknowledge Your acceptance of such fees, Your obligation to pay same and the terms and conditions applicable to the Value-Adding Service.

3. Your Warranty. You represent, warrant, and covenant to Authorize.Net that Your use of the Value-Adding Services and any information gathered by You in connection with use of a Value-Adding Service: (a) will be fully compliant with all applicable local, state and federal laws, rules, and regulations; (b) will be in accordance with all applicable Services Documentation; and (c) will not be used for any purpose other than in connection with the Value-Adding Service.

4. Acknowledgement. You understand, acknowledge, and agree that (a) You will be solely responsible for ALL transactions processed through Your payment gateway account(s), regardless of whether such transactions are monitored by a Value-Adding Service; (b) You will be solely responsible for Your use of the Value-Adding Service including, without limitation (i) configuring, maintaining and updating, as You deem necessary, the applicable settings for Your Value-Adding Service account; and (ii) with respect to each Transaction processed via your payment gateway account(s), and regardless of any data, analysis, or information generated or not generated by the Value-Adding Service, as applicable, determining the appropriate action for each such Transaction (i.e., approve, void, decline, reject); (c) under certain circumstances, it may be necessary for Authorize.Net to adjust Your Value-Adding Service security settings, with or without notice to You, to guard against fraudulent activity and that such actions may inadvertently cause legitimate transactions to expire, be rejected or delayed; and (d) Authorize.Net shall not be liable under any theory of law, including negligence, for any loss associated with any of the foregoing.

5. AUTHORIZE.NET WARRANTY. IN ADDITION TO ANY LIMITATIONS OR DISCLAIMERS SET FORTH IN THE AGREEMENT, YOU UNDERSTAND, ACKNOWLEDGE AND AGREE THAT THE VALUE-ADDING SERVICES ARE PROVIDED TO YOU BY AUTHORIZE.NET "AS IS" AND THAT AUTHORIZE.NET DOES NOT REPRESENT OR WARRANT THAT THE VALUE ADDING SERVICES OR ANY OTHER TECHNOLOGY, CONTENT, INTELLECTUAL PROPERTY, OR ANY OTHER INFORMATION, DATA, PRODUCTS, OR SERVICES, WILL BE AVAILABLE, ACCESSIBLE, UNINTERRUPTED, TIMELY, SECURE, ACCURATE, COMPLETE, OR ERROR-FREE, AND THAT YOUR SOLE REMEDY FOR ANY ISSUE RELATED TO OR ARISING FROM THE VALUE ADDING SERVICES, AND AUTHORIZE.NET'S SOLE LIABILITY FOR SAME, WILL BE TO TERMINATE THIS AGREEMENT AND DISCONTINUE YOUR USE OF THE VALUE-ADDING SERVICES.

6. Risk, Security and Disclosure. The risk and security suggestions provided to You in the Services Documentation for any of the Value-Adding Services are solely for illustrative purposes to show best industry practices, and You shall be solely responsible for choosing the appropriate settings and parameters for Your account.

7. Termination. If Your Agreement is terminated for any reason, Authorize.Net shall immediately cancel access to Your Value-Adding Service account. It is Your responsibility to download all reports prior to the effective date of any such termination as such reports will not be available subsequent to the termination date.

8. Incorporation by Reference. The Value-Adding Services Fee Schedules are incorporated herein by reference.

9. Third Party Programs. You acknowledge that the FraudScreen.Net Service is a third party software program developed and owned by Fair Isaac Corporation. You will look solely to Fair Isaac Corporation with regard to warranty, maintenance or other support regarding the same. Authorize.Net makes no warranty, express or implied, with regard to any such third party software.

10. Amendment; Definitions. All terms and conditions of the Agreement not specifically modified in this VAS Addendum shall remain unchanged and in full force and effect. Unless separately defined herein, capitalized words used in this VAS Addendum as defined terms shall have the same meanings herein as in the Agreement.

By clicking I Agree, you agree to pay the Customer Information Manager (CIM) fees set forth above and in accordance with the payment terms of your payment gateway service agreement.

Highlighted
Contributor
Posts: 12
Registered: ‎05-09-2012

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

And this clearly shows we are right and Authorize.net is wrong.  In section 4 b (i) and 4 b (ii) they clearly state we are responsible for transactions and configuring the settings for our service.  One of the settings as listed in their documentation is the ability to turn OFF validation.  I do NOT want to submit a transaction for validation and want to configure it that way.  They have NOT allowed me to do so and are charging me a "manadatory" fee that is NOT set forth in the CIM service agreement and is not listed as part of the monthly fees associated with CIM.  My favorite line is this where they explicitly say "as You deem necessary" and yet they are not allowing us to do so:

(i) configuring, maintaining and updating, as You deem necessary, the applicable settings for Your Value-Adding Service account;
Highlighted
Member
Posts: 1
Registered: ‎07-15-2012

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

We recently spent the time and money to switch from DPM to hosted CIM.  I wish we had known that hosted CIM does not work with a great many banks.  Based on my estimate of how many customers have had their test transactions rejected, and therefore never added to the system, it is about 10% or more of banks that do not allow these test transactions.

 

The 0.10 transaction fee is annoying, but it really doesn't matter to me.  What is a problem is that 10% of our customers cannot even pay with this system.  If this had been properly documented, we certainly would not have chosen to implement hosted CIM.  We have already lost hundreds of dollars due to this problem in just one week.

 

Please, Authorize, if you insist on doing the test transaction, you can argue with the other guy about the ten cents, but if it fails, ADD THE PAYMENT PROFILE ANYWAY and just send us an email.

 

Is this likely to be fixed anytime soon or do we just need to bit the bullet and process the credit card ->payment profile creation in our site, and deal with the PCI demon ourselves directly?

Highlighted
Posts: 2,765
Topics: 57
Kudos: 247
Blog Posts: 67
Registered: ‎12-05-2011

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

The ability to run the CIM Hosted Form in Test Mode was recently added.  See the full details here.

Highlighted
Member
Posts: 1
Registered: ‎08-09-2020

Re: Hosted CIM, validationMode set to none, and automatic ValidateCustomerPaymentProfile transaction

I realize this is old so sorry for dredging this back up.  I see now that this can be a test transaction which is great - but the merchant gets an email for the test transaction and looks strange like the actual "good" transaction didn't go through and is added to the confusion.

 

The question is:   Is there a way to turn of that ValidateCustomerPaymentProfile email off?