On 17 Jul 2001, Steve Sobol wrote:

> From 'John Donagher':
> >> accounts, and too many bogus cards would not look good.
> >> 
> >
> >My suggestion is to run an authorization for an extremely small amount of money
> >($1.00 is fairly standard) and that will tell you if the account is valid or
> >not.
> Bad idea.
> Some software, in particular that from merchant-provider Cardservice
> International, will deny all transactions for a set number of days if you
> have two declines from the same IP in the same 24-hour period.

How exactly is a merchant responsible for the authenticity of the information
that a customer provides? That's why you use a payment gateway; because the
authenticity of a customer's payment information (be it credit card number,
available balance, whatever) is not something you can know. The algorithms you
can run may check the well-formedness of that number, but that is such a small
facet of the spectrum of failure causes you can run into in the process of a
transaction, that its usefulness will be rather limited.

I've built billing systems for two different companies, both with thousands of
customers, and hundreds of declined transactions every month (corresponding to
at least 10 a day). I've never run into such a thing, and I don't think what
you're saying is true, and I can't find anything to corroborate it on the
CardService website; can you please prove it? 

Any payment gateway that will _deny all transactions_ based on invalid
information being supplied by an end-user would be laughed out of the room by
medium to large-sized companies. I know this not to be the case with Verisign
Payment, at least.


John Donagher
Application Engineer
Intacct Corp. - Powerful Accounting on the Web
720 University Ave.
Los Gatos CA 95032

Public key available off http://www.keyserver.net
Key fingerprint = 4024 DF50 56EE 19A3 258A  D628 22DE AD56 EEBE 8DDD

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to