Re: 7-8-09 need opinions / ideas on best way to design an online conference registration site

> Does their merchant account charge them for an AUTH_ONLY  
> transaction?  I assume that the gateway and merchant account fees  
> are less than $0.50 total for that type of transaction, whereas for  
> a PRIOR_AUTH_CAPTURE then the percentage (qualified discount rate  
> around 2-5% of the transaction amount) kicks in.  Maybe I'm wrong  
> and maybe it depends on the merchant account provider, but it would  
> be worth verifying.
>
> I would argue that it makes sense to place an AUTH_ONLY when the  
> order is submitted for these reasons:
>
> (1)  The authorization holds the funds on that card immediately if  
> available, else informs the customer of an error.
>
> (2)  Avoids storing PAN on systems that may be vulnerable to  
> security breaches, so it limits the client's exposure to risk and  
> liability.
>
> (3)  The AUTH_ONLY would be stored in a facility immediately so  
> that the data could be recovered in the future in case of a  
> disaster with the client's internal system.
>
> Sometimes walking a client through scenarios of what would happen  
> when PAN is stolen, or if their internal systems fail (hard drive  
> failure and no RAID, no backup), is enough to sober them up and  
> realize that hope is a lousy security policy.
>
> --steve
>
>
> On Wednesday, July 8, 2009, lasso@... (Tami Williams)  
> pronounced:
>
>> The thing is they don't want any kind of transaction done (not even
>> Auth_Only) by an automated system of any kind.  They don't want to
>> pay for any transactions except the ones they manually do themselves.
>>
>>
>> On Jul 8, 2009, at 6:13 PM, Steve Piercy - Web Site Builder wrote:
>>
>>> On Wednesday, July 8, 2009, lasso@... (Tami Williams)
>>> pronounced:
>>>
>>>> - at "checkout" the member's credit card information needs to be
>>>> captured but NOT submitted to the credit card processor (they do  
>>>> that
>>>> manually in house and keep the cc info in electronic form until it
>>>> has been manually processed - not changing this process)
>>>
>>> Just on this point, and if the client has an Authorize.net account,
>>> you don't have to store the PAN on the client system.  The A.net
>>> gateway returns a response with a transaction ID which can be used
>>> later for capturing authorized funds (usually within 30 days).
>>> Just store the transaction ID in FM, then submit the transaction
>>> again as a PRIOR_AUTH_CAPTURE.
>>>
>>> You could go even further with CIM instead of AIM, where you can
>>> store customer profiles, credit card numbers and shipping profiles
>>> on Authorize.net servers instead of the client's.
>>>
>>> --steve
>>>
>>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
>>> Steve Piercy               Web Site Builder               Soquel, CA
>>> <web@...>                  <http://www.StevePiercy.com/>
>>>
>>> --
>>> This list is a free service of LassoSoft: http://www.LassoSoft.com/
>>> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>>> Manage your subscription: http://www.ListSearch.com/Lasso/
>>>
>>>
>>
>>
>> --
>> This list is a free service of LassoSoft: http://www.LassoSoft.com/
>> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>> Manage your subscription: http://www.ListSearch.com/Lasso/
>>
>>
>
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> Steve Piercy               Web Site Builder               Soquel, CA
> <web@...>                  <http://www.StevePiercy.com/>
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>