AUTHORIZE.NET GATEWAY FAQ
How do I refund a credit card or bank account from within my Authorize.Net Gateway?
When submitting a refund, the following rules apply:
You can only refund a transaction that has been previously authorized using the payment gateway.
The original transaction that you wish to refund must have a status of Settled Successfully.
You cannot issue refunds against unsettled, voided, declined or error transactions.
The refund transaction must be issued within 120 days of the date the original transaction was settled.
A refund transaction cannot exceed the amount of the original transaction.
The payment method provided in the refund transaction must match the payment method that was provided in the original transaction.
You must provide the last four digits of a masked credit card or bank account number from the original transaction.
How do I connect my website to the payment gateway to submit transactions?
There are multiple ways to connect to the payment gateway. You should choose the connection method that best suits your business needs and Web development resources.
What are the types of integration available?
Advanced Integration Method (AIM) – AIM offers the most flexible integration, allowing merchants to host their own secure payment form and send transactions to the payment gateway using an end-to-end Secure Sockets Layer (SSL) connection.
Server Integration Method (SIM) – SIM uses scripting techniques to authenticate transactions with a unique transaction fingerprint. SIM also provides a customizable payment form and receipt page hosted on the payment gateway’s secure server.
Certified Shopping Carts – Certified shopping carts integrate to the payment gateway using AIM and are compliant with the highest payment gateway security standards. Certified shopping carts are an ideal solution for merchants with minimal Web development resources.
Which integration method should I use to link my Authorize.Net gateway to my website?
The following questions will help you determine what integration method you should use. You may need to contact your Web developer for additional information regarding these questions.
Is a credit card physically presented to the merchant during a transaction? If YES, use Card Present (CP).
Do you or the shopping cart (or other service provider) you are using have a Secure Sockets Layer (SSL) certificate? If YES, use Advanced Integration Method (AIM). If NO, use Server Integration Method (SIM).
Do you require the payment form to show your website’s domain name (for example, http://www.merchant.com)? If YES, use AIM. If NO, use SIM.
Do you want to keep the customer on your website throughout the payment process? If YES, use AIM. If NO, use SIM.
Why is my customer’s credit card being declined?
The payment gateway does not always receive a specific reason as to why a credit card transaction is declined by the card issuing bank. All of the details provided by the processor for a transaction are displayed on the Transaction Detail page. In the case where a transaction has been declined due to AVS Mismatch, Card Code Mismatch, or FraudScreen.Net thresholds, this information is displayed at the top of this screen indicating the reason for the decline.
What does “Address provided does not match billing address of cardholder” or “AVS mismatch” mean?
These are two responses generated by the Address Verification Service (AVS), a credit card verification system that compares the billing address information provided by the customer with the billing address on file at the customer’s credit card issuing bank. The processor then returns an AVS response code that describes the status of the match. The payment gateway compares the AVS response code against the AVS settings established by the merchant in the Merchant Interface and either accepts or rejects the transaction.
The AVS filter is not intended for use as absolute protection against fraud, nor is it intended for use in all processing scenarios. Settings should be made carefully to be sure that the filters are implemented appropriately based on specific processing needs.
How can I customize the payment gateway hosted payment form?
You can customize the background, text color, header, footer, and the form fields displayed on the payment gateway hosted payment form.
Step 1: Click Settings in the left side menu.
Step 2: Under Transaction Format Settings, click Payment Form.
Step 3: Customize the payment form settings to your business.
The header and footer sections allow you to reference logo images and also support the use of style sheets (.css).
What is PCI-DSS?
PCI-DSS stands for Payment Card Industry-Data Security Standards. The PCI-DSS is a security standard which helps organizations that process cards to prevent credit card fraud. PCI security standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The PCI-DSS applies to all entities that store, process, and/or transmit cardholder data. When your merchant account is approved you are issued a MID (Merchant Identification Number). Each MID is required to register for compliance.
How do I become PCI Compliant?
To fulfill your obligation to become PCI DSS compliant, you are required to take the Self Assessment Questionnaire (SAQ) and undergo scanning services of your payment network, if applicable, within 90 days of establishing your merchant account. To access both of these services, please visit https:\\compliance.merchant-info.com. Please enter your merchant account number as your user ID and the last five digits of your Merchant account number followed by your state abbreviation associated with your physical address on your merchant account as your password (example: 12345CA).
I am already PCI-DSS compliant; do I have to use your scanning and SAQ?
No. If you are already compliant and/or are using another scanning vendor you can send a copy of your certificate to your eCMS agent. Once verified by our security staff, you will not be billed the PCI Non-compliance fee. Results need to be uploaded annually or upon amendment for the SAQ and quarterly if you require scanning. Failure to do so would result in the PCI Non-compliance fee being levied to you.
Do all merchants need to be PCI-DSS compliant?
What happens if I never complete the SAQ?
After 90 days you will be billed the PCI Non-Compliance Fee monthly until compliant. If you are breached during that time you would be responsible for any associated fines and direct cost of the breach.
Where can I go to learn more about PCI-DSS?
The latest PCI-DSS security standard can be located at http://pcisecuritystandards.org. Each processor is responsible for compliance but a good resource for agents and merchants can be found on the Visa.com website at http://usa.visa.com/merchants/risk_management/cisp.html
How do I close my Merchant Account/Authorize.Net Gateway Account?
The dedicated team of eCMS believe that innovative merchant solutions and exceptional customer support are fundamental in achieving customer loyalty and long-term, mutually successful relationships with our valued merchants. Through maintaining client satisfaction, we anticipate that our merchants will not feel the need to leave us or will provide us with the opportunity to resolve any matters of issue before seeking other options.
However, should you need to close your account, please contact your friendly eCMS representative for the Account Closure Request Form and instructions to ensure that your merchant account is properly closed and no further monthly fees are debited. As soon as we receive and submit your closure request form, you will be sent a confirmation email. We will email you again as soon as the closure is complete!
If you wish to close your Merchant Account, please call 888.277.3332
If you wish to close your Authorize.Net Gateway, please call 877.447.3938