Announcement

Collapse
No announcement yet.

authorize.net duplicate transactions

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    authorize.net duplicate transactions

    I know there's an on-going thread about duplicate orders but haven't seen anything mentioned about this issue:

    Using authorize.net payment module:

    1. Customer enters incorrect address and fails AVS (or incorrect CVV and fails that).
    2. Updates info and tries again. (And maybe again. And again.)
    3. At some point gets duplicate transaction error message returned from auth.net.
    4. Abandons site or calls us

    The workaround is for the customer to back up to the basket page and go through checkout again.

    Is this a known issue? Something that can be addressed by different settings in auth.net?
    :: The Office Dealer - http://www.theofficedealer.com
    :: ph/fax: 888-809-8893
    :: http://twitter.com/theofficedealer
    :: http://www.linkedin.com/in/bretsutherland
    Tags: None
    #2
    Re: authorize.net duplicate transactions

    So this is generally different that what is reported in that other thread. Authorize.net has the idea of a "Soft Decline" where it tentatively puts a hold on something but it returns a decline, ultimately waiting for you the merchant to make a decision one way or the other about it.

    Well Miva Merchant doesn't understand partial declines, only authorizations or declines. So when someone Declines but it was actually a "Soft Decline" they're stuck in this odd spot.

    The way to solve it is to adjust your Auth.net settings to not have Soft Declines.

    In a future update to Auth.net we're going to look at seeing if there's a way to do something with these features but for now the easiest solution is to turn them off.
    Thanks,

    Rick Wilson
    CEO
    Miva, Inc.
    [email protected]
    https://www.miva.com

    Comment

      #3
      Re: authorize.net duplicate transactions

      The matrix of settings in auth.net is pretty complex. Will take a look on Monday.

      Of course, it's also worth adding that it is utterly ridiculous that authorizations take place when they don't match the criteria. i.e. if you only want to authorize/capture a card if it passes AVS, why on earth does the industry force the authorization of the card and THEN decline it? Why not allow for the AVS check or whatever prior to the authorization? Doesn't make any sense and leads to so much frustration for merchants and card holders trying to get the declined transaction amounts returned to the card holders.
      :: The Office Dealer - http://www.theofficedealer.com
      :: ph/fax: 888-809-8893
      :: http://twitter.com/theofficedealer
      :: http://www.linkedin.com/in/bretsutherland

      Comment

        #4
        Re: authorize.net duplicate transactions

        Not seeing anywhere to specify the kind of declines. We have the recommended settings for AVS:
        The payment gateway will reject transactions based on your selection. The recommended AVS response code selections are B, E, R, G, U, S, and N.
        Would the module option for "Discard Failed Order ID" be relevant?
        :: The Office Dealer - http://www.theofficedealer.com
        :: ph/fax: 888-809-8893
        :: http://twitter.com/theofficedealer
        :: http://www.linkedin.com/in/bretsutherland

        Comment

          #5
          Re: authorize.net duplicate transactions

          Hello, we use Authorize.net and to avoid this issue we removed the AVS Match as a requirement and have an alert sent to us if there is a AVS mismatch.

          The transaction gets approved, no duplicate transaction error in Miva and the customer does'nt get frustrated or go away.

          If we have any concerns we can sik our fraud alert guys on it and take whatever action is necessary. We handle every order ourselves though so if you are so highly automated that you can't sniff out a fraudster our feedback may be irrelevant.

          We also use the Fraud Alert settings in our authorize.net settings and have certain restrictions set there to prevent multiple attempts from the same IP address using different card numbers or addresses in a certain amount of time (not very long :).

          Also, in Miva Admin we have our settings to decline after x attempts inside x minutes.
          Hope this helps a bit.
          Kristin Park

          Comment

            #6
            Re: authorize.net duplicate transactions

            Thanks, Kristin. (Un)fortunately we have way too many orders for that to be practical. And--don't tell anyone--but we also sell high fraud items. So we tend to get fraudulent orders rather than people trying to test out many cards.

            To date, we haven't had authorize.net flag any orders as suspicious even though some were for expensive items, bill-to and ship-to did not match, there were typos everywhere and the IP address was for Africa...so I'm not too convinced that paying them for their fraud detection is worth it for us.

            How does the fraud alert work in with the authorize.net module? What happens when a customer triggers it? Do they get locked out?

            Bret.
            :: The Office Dealer - http://www.theofficedealer.com
            :: ph/fax: 888-809-8893
            :: http://twitter.com/theofficedealer
            :: http://www.linkedin.com/in/bretsutherland

            Comment

              #7
              Re: authorize.net duplicate transactions

              Bret,

              Have you checked out the MaxMind module? The way we use it (and it works perfect for us) is that it prevents those from getting to the Gateway at all and we leave our Gateway free to accept any charge it allows.
              Thanks,

              Rick Wilson
              CEO
              Miva, Inc.
              [email protected]
              https://www.miva.com

              Comment

                #8
                Re: authorize.net duplicate transactions

                Hey Bret, Its only $5.00 a month and you can set it up to approve but not capture and send you an alert (so you can void it before capture and before shipping). You can also have it set up to completely block based on IP,address mismatch, AVS mismatch, and our favorite filter-Velocity.

                Velocity is a real good feature that will defeat the fraudsters and they will hopefully leave you alone because they no longer can check for valid cc numbers through your web store. Afterall, they-they are just checking for cc validity the easiest way possible.

                It was happening to us and we installed the Fraud Control Feature in Authorize.net set up the Velocity Filter. Worked like a charm. Was also really happy to be able to see the IP addresses that were doing all the charge attempts and block them too. Mostly from Nigeria and Greenland which I realize are high fraud countries. Haven't had to do any more blocks since but its nice to know its being monitored for us and if there are any problems we get to decide how to handle it.
                Kristin Park

                Comment

                  #9
                  Re: authorize.net duplicate transactions

                  OK, going to try some AB/multivariate* testing on fraud check vs megamind.

                  Thanks for the suggestions!


                  * that'll probably bring some SEO masters to the forums pretty quick
                  :: The Office Dealer - http://www.theofficedealer.com
                  :: ph/fax: 888-809-8893
                  :: http://twitter.com/theofficedealer
                  :: http://www.linkedin.com/in/bretsutherland

                  Comment

                  Previous template Next
                  Working...
                  X