Integration and Testing

Authorize.Net API questions and help with your payment integration.

Posts: 6
Registered: ‎07-29-2010

how to validate name on credit card


we're currently using CIM and AIM.  i would like to know, what is the best way to validate that the first and last name provided by the customer exactly matches the first and last name associated with the credit card?  we actually did a test in production and to our surpise, we could enter a fake name and still authorized the transaction.  for our particular application, since we do not want to allow multiple customer accounts using the same name and billing address information associated with a particular credit card (for fraud reasons), we need to verify that the name they provided exactly matches the name on the card.  is there a way to do this using AIM/CIM? i looked into AVS but that seems to only validate the billing address, but we need name matching as well.


Posts: 1,476
Topics: 33
Kudos: 37
Solutions: 126
Registered: ‎09-14-2009

Re: how to validate name on credit card

You can't. It isn't sent over to the credit card processor for verification nor is there any way to verify it.

John Conde :: Certified Authorize.Net Developer (Brainyminds) :: Official Authorize.Net Blogger

NEW! Handling Authorize.Net's Webhooks with PHP

Integrate Every Authorize.Net JSON API with One PHP Class (Sample code included)

Tutorials for integrating Authorize.Net with PHP: AIM, ARB, CIM, Silent Post
All About Authorize.Net's Silent Post
Posts: 1,609
Topics: 15
Kudos: 209
Solutions: 121
Registered: ‎06-23-2011

Re: how to validate name on credit card

The name on the card is really unimportant. It's very easy to get someone's name, therefore the only items that really matter from a security standpoint are the card number, expiration date, and perhaps billing address (if you're using AVS). What's wrong with ignoring name and just checking for duplicate address / credit card? It ought to be ok to store a one-way hash (perhaps MD5) of the credit card number and billing address / zip code - it can't be reversed, and you can use it to check if anything new matches what's already in your database. The PCI DSS level of a fully-hashed credit card number is equal to or lower than that of AIM or CIM, so it won't increase your security requirements.