cancel
Showing results for 
Search instead for 
Did you mean: 

Other options for transaction data storage?

Hi all,

 

My company is looking into using the AIM method but it looks like it requires us to store the transaction data (CC#, billing address, etc.)  on our own servers. Our servers are in Japan and apparently there are laws there against storing sensitive personal info on our own servers. Is there a service option or some other method we should be using if we don't want to store the transaction data on our own servers?

 

Hope that makes sense. I myself am not the developer but since he doesn't speak English, I'm asking for him.

 

Thanks for any help.

spacysmoke
Member
15 REPLIES 15

Thank you everyone for you patience and responces; I really appreciate it.

 

I'm wondering if we're over complicating things though; surely there must be way to issue credits from a custom interface without CIM? The AIM guide says that credits can be done through the Merchant Interface, but if necessary, the API can be used for such transactions in custom applications. Note: We are using a slightly older version of PHP, so we can't use the AIM SDK.

 

If we are using AIM alone, what would the process be for issuing a credit?

As I understand it, the variables we need for a credit are the transaction ID,and last 4 digits of the CC.

Would we be able to look up the transaction ID from Authorize.net or would we need to store that ourselves?

Can the Transaction Details API to look up the transaction ID or is the TD API only good if we already know the transaction ID?

Would you typically just get the last 4 digits from the cardholder themselves?

 

Sorry; this is probably really basic stuff, but I'm new to this and our developer doesn't understand English too well so he's not helping me much.

Well, there is a function in the AIM SDK for issuing credits, it requires transactiion ID , amount, and the last 4 digits of the credit card number. Transaction ID you can store, but while there's a way to retrieve the last 4 digits of the credit card from a CIM payment profile, I don't think there's a way to do it for an AIM transaction, so you'll probably have to ask the cardholder for that. Voids are different - if the transaction hasn't settled yet, you can just void it, and that only requires transaction ID.

 

As for applying this knowledge, if you can't use the SDK in your version of PHP and can't upgrade PHP or move to hosting with better PHP, then you'll have to use XML posts and parse things yourself. That will get a LOT more difficult.

It is definitely easiest to store the transaction ID if you plan on offering the ability to issue a refund later.  As for the last 4 digits of the card number, you can retrieve this using the transaction details API calls or you can ask the customer to enter it.   Requiring the customer to enter the last 4 digits of the card number could be viewed as an extra security check to verify their identity.

 

You are correct that when issuing a refund through AIM, you only need to submit the original transaction ID, the last 4 digits of the card number, and the amount.

Thank you TJPride and Trevor! I think this is more along the lines of what we are looking for.

 

So we store the transaction ID on our end and either use CIM to store the last 4 digits or retrieve it from the cardholder.

If we don't use CIM, will we still be able to retrieve the amount charged using the transaction details API?

I think Trevor's saying it's possible to retrieve the last 4 digits of the credit card even if it was an AIM transaction, by using the transaction details API and the transaction ID. I would imagine the transaction amount is also included.

Hey spacysmoke,

 

The amount of the transaction is returned when you use the getTransactionDetails call of the Transaction Details API. It should return both the authorized amount and the amount submitted for settlement. For a complete list of what's returned in that call, check out the Transaction Details Guide.

 

Thanks,

 

Michelle

Developer Community Manager