Integration and Testing

Authorize.Net API questions and help with your payment integration.

Reply
Member
Posts: 3
Registered: ‎08-08-2013

Trial Period Abuse

I offer a trial membership through my site.  I am looking for solutions to prevent trial abuise.  Meaning, I do not want someone signing up for a free trail, canceling before membership is billed, then signing up for another free trial.  Are there any solutions available through CIM for this problem? 

 

Ideally, I would like to query the existing customer profiles for the credit card number and see if it was associated with a previous trial.  Can this be done?

 

Any suggestion would be welcome. 

Expert
Posts: 4,525
Registered: ‎03-08-2010

Re: Trial Period Abuse

If you are not using the hosted CIM, you could use ONE generic customer profile, and add the cc# as a payment profile, if it successful, create the real customer profile and add that CC# to that.

Posts: 1,609
Topics: 15
Kudos: 209
Solutions: 121
Registered: ‎06-23-2011

Re: Trial Period Abuse

You would need access to previous credit card numbers in some form to be able to do that. Theoretically, you could use regular CIM rather than hosted CIM to set up profiles, and store one-way hashes of the numbers as they pass through so you can then check against them later. This will of course expose you to credit card data to some extent, and increase your security requirements significantly vs hosted CIM. What is the trial abuse rate right now?

Member
Posts: 3
Registered: ‎08-08-2013

Re: Trial Period Abuse


RaynorC1emen7 wrote:

 

If you are not using the hosted CIM, you could use ONE generic customer profile, and add the cc# as a payment profile, if it successful, create the real customer profile and add that CC# to that.


Isn't there a limit to 10 payment profiles on a customer profile?  If I add the card to a "trial" profile, wouldn't I be limited to only 10 credit cards to check against?

Member
Posts: 3
Registered: ‎08-08-2013

Re: Trial Period Abuse


@TJPride wrote:

You would need access to previous credit card numbers in some form to be able to do that. Theoretically, you could use regular CIM rather than hosted CIM to set up profiles, and store one-way hashes of the numbers as they pass through so you can then check against them later. This will of course expose you to credit card data to some extent, and increase your security requirements significantly vs hosted CIM. What is the trial abuse rate right now?


Thankfully, no major abuse at this time, but I am trying to be proactive. Obviouslty, I am hoping to avoid increased PCI scrutiny.

Expert
Posts: 4,525
Registered: ‎03-08-2010

Re: Trial Period Abuse

Didn't remember that. But you are correct, limit are 10. Probably have to do what TJPride suggest. Hash and might also saved the last 4.