Hello everyone!
I am trying to integrate SIM with our website. The website is hosted by 1and1.com under a Linux package. The system will be use to make reservations to attend meetings hosted by our company. If a person register and do not attend we will charge them a fixed amount of $75.00 if they attend we will not charge them. This is done basically to cover the cost of the people that do not show, but we still pay at the meeting facilities. We have been running this meeting for few years now but they were free and will remain free if a person show up. Usually we get about 30 registrants per event and often 5 to 15 registrants do not show, which means that those registrant are the one that we will actually change the transaction from "Authorized/Pending Capture to Capture.
So far I found out that I can accomplish this with SIM. We are planning in using SIM because we don't want to store any client credit card numbers in our own system, therefore minimizing PCI compliance.
So, here are some issues that I need to take care before we go live.
Thanks in advance for anyone willing to help me answer some of my concerns.
07-20-2011 09:48 AM
1. It is normal using SIM that your API Login ID is visible in the source code of your website. As long as the transaction key is not visible, then it is not a security concern.
Using the sample code as is, the amount can be modified by submitting a new amount as a POST or GET value. If you simply remove the section of code that reads the post values, then the it will not be possible for the customer to change the transaction amount.
2. The transaction type that you need to specify in order to run an Authorization Only is "AUTH_ONLY".
3. It is not possible to embed a SIM integration directly into an email. The best way to accomplish a similar result would be to include a link to your own website where the SIM integration is hosted. If you would like, you can use Javascript to make the form submit as soon as the page is loaded and automatically direct your customer to the Authorize.Net payment form. Otherwise, they will have to click the submit button after they land on your site.
07-25-2011 10:18 AM
Thanks very much for your insight!
08-31-2011 08:39 AM