search

AuthorizeNet / sample-code-php

This repository contains working code samples which demonstrate php integration with the Authorize.Net API
MIT License
176 stars 197 forks source link

Could not process Bank Of America debit or credit cards -> Card declined by issuer #68

Closed MilesYM closed 7 years ago

MilesYM commented 7 years ago

Hey Guys,

We’ve just implemented Authorize.net on our new platform to replace our old one (braintree).

We have done some tests, from the charge credit card example that we adapted to our code. It worked with Chase and Capital One debits card but didn’t work on any of bank of america debit and credit cards for some mysterious reasons. When looking on my profile I can read "Card declined by issuer”. I called the bank and they said the card wasn’t activated (When you receive a new card you need to activate it first). But all the card we’ve tried have been activated for long and we already processed payments online with (it also work on Braintree).

I went to my merchant service representative but they haven’t been able to help me. Am I doing something wrong? Did you hear about similar issues ? I’m concerned for other banks when turning this thing live.

Here is my piece of code :

`

            // Common setup for API credentials  
    $merchantAuthentication = new AnetAPI\MerchantAuthenticationType();   
    $merchantAuthentication->setName($this->ci->config->item('AUTHNETAPILOGINID'));   
    $merchantAuthentication->setTransactionKey($this->ci->config->item('AUTHNETKEY'));   
            $refId = 'ref' . time();

    // Remove potential white spaces
    $ccn = preg_replace('/\s+/', '', $ccn);

    // Create the payment data for a credit card
    $creditCard = new AnetAPI\CreditCardType();
    $creditCard->setCardNumber( intval( $ccn ) );
    $creditCard->setExpirationDate( $exp );
    $creditCard->setCardCode( $cvc );
    $paymentOne = new AnetAPI\PaymentType();
    $paymentOne->setCreditCard($creditCard);

    $order = new AnetAPI\OrderType();
    $order->setDescription("Ticket");

    // Create a transaction
    $transactionRequestType = new AnetAPI\TransactionRequestType();
    $transactionRequestType->setTransactionType("authCaptureTransaction");   
    $transactionRequestType->setAmount( $amount );
    $transactionRequestType->setOrder( $order );
    $transactionRequestType->setPayment($paymentOne);

    $request = new AnetAPI\CreateTransactionRequest();
    $request->setMerchantAuthentication($merchantAuthentication);
    $request->setRefId( $refId );
    $request->setTransactionRequest($transactionRequestType);
    $controller = new AnetController\CreateTransactionController($request);
    $response_api = $controller->executeWithApiResponse(\net\authorize\api\constants\ANetEnvironment::PRODUCTION);   

    if ($response_api != null)
    { // more code }`

I was hoping you could help me debut if it’s coming from here. Should I add the postal code or address to make sure it’s not a security issue on their hand ? Where could that come from ? I’m a little lost on this.

Thanks!

ashtru commented 7 years ago

Have you tried examining the transaction details of declined transaction in the MINT as described here ? More specifically, have you looked at the transaction's Address Verification Service (AVS) status in the Authorization Information section of the Transaction Detail page?

Have you tried to submit some of these transactions via the Virtual Terminal in MINT? Does it have the same effect? I came across one of the old issues raised in forums before, but there is no clear info about what was the case there.

You only need to provide postal address etc. , if you have switched the filter based on it in your MINT fraud filter settings. You can look at your active filters in MINT. Do you have any filters active?

MilesYM commented 7 years ago

Hello Ashtru!

Thank you so much for your detailed and prompt answer. I’m going to try to answer all your points.

Concerning the MINT, I did call the bank to get more details and went to my branch and talk to a merchant account representative who all told me the cards (we tried 3 different ones from Bank Of America) where declined because they were not activated .... which makes no sens since each of these cards have been activated a while ago and we used it many times for other online services.

Concerning the AVS here is what I have :
Address Verification Status: AVS Not Applicable (P)

To give you a complete overview :

Authorization Information Authorization Amount: USD 5.00 Submit Date /Time: 28-Jan-2017 09:10:00 PST Authorization Code: 000000 Reference Transaction ID: Not Applicable Transaction Type: Authorization w/ Auto Capture Market Type: eCommerce Product: Card Not Present Address Verification Status: AVS Not Applicable (P) Card Code Status: No Match CAVV Result Code: Not Applicable Fraud Score Applied: Not Applicable Recurring Billing Transaction: N Partial Capture Status: Not Applicable Customer IP: 172.2.20.100

You can look at my page here :

https://dev.joynr.co/35766

Security certificate don’t work for dev.joynr.co only for joynr.co so you might have a warning from your browser)

I’m only asking for the Card Number, CVV and Exp date. Should I add more fields ? Like postal code or name on the card ? Why ? Would that helps to have less card declined ?

Thanks!

MilesYM commented 7 years ago

Here is another declined request. For this one I’ve included the Billing address and name:

Unfortunately, the end result is still the same and all cards have been declined by the bank for different banks. Am I forgetting a setting or a security rule ?

Authorization Information Authorization Amount: USD 5.00 Submit Date /Time: 30-Jan-2017 11:18:49 PST Authorization Code: 000000 Reference Transaction ID: Not Applicable Transaction Type: Authorization w/ Auto Capture Market Type: eCommerce Product: Card Not Present Address Verification Status: Street Address: Match Zip: Matched first 5 digits (Y) Card Code Status: No Match CAVV Result Code: Not Applicable Fraud Score Applied: Not Applicable Recurring Billing Transaction: N Partial Capture Status: Not Applicable Customer IP: 172.2.20.100

MilesYM commented 7 years ago

Up!

Any help on this would be very appreciated. I’m stuck on this and neither the authorize.net technical support nor the bank can provide with a solution.

Thanks!

ashtru commented 7 years ago

@MilesYM , Apologies for the inconvenience faced by you. This is an unprecedented issue and we would require more information in order to figure out a root cause and solution.

rahulrnitc commented 7 years ago

Hi @MilesYM, the "Card Code Status: No Match" in the transaction details indicates a CVV mismatch. Please verify if the correct CVV is sent in the request.

MilesYM commented 7 years ago

I found where were my errors coming from. First, from my understanding, one parameter wasn’t set properly from my merchant account BoA.

Second, on the API reference, when specifying the format the exp date should take (a few are given) the MM/YY doesn’t work and always throw a credit card expired or incorrect. I spent days on that. you might want to change that. So far YYYY-MM (like on your example on GutHub) worked.

adavidw commented 7 years ago

Hi @MilesYM,

Can you give an example of a MM/YY date that doesn't work? I'm unable to reproduce in my testing.

adavidw commented 7 years ago

Since there hasn't been an update, I'm going to close this issue. If you have more information to provide related to this issue, feel free to reopen it.