Cardholder name & Amex security code

[Ulysses]

We had the same problem with other billing software as it simply is not legal to "store it" so how do you send it to someone who manually processes the order? The rules however do not state that it can't be transmitted. Just means that after the transaction is completed there can be no record of it?

 

On the Visa site it states "And for your added protection, merchants are prohibited from keeping or storing the CVV2 number after the transaction has been completed." So you can store it until you process the transaction?

Precsely said. Providing WHMCS does not cause it to be stored by its software, when it passes on the information to merchants, then they are not liable.

 

More to the point, what each merchant does with the information it receives from cardholders, via WHMCS, or anywhere else for that matter, is a matter entirely between the merchant and the card company.

[trine]

Ok... I was a bit puzzled about this requirement at first, but this is simply because the way in which you present the card details to your merchant processor, is in fact a "new" single transaction.

 

I don't doubt that AMEX requires this for all "new" single transactions, but if you inquire about it, I am sure there is a way to do this without storing the card's CVV. This may entail using a payment gateway of some sorts.

 

We deal with AMEX too, and if we do not go through the our AuthNet payment gateway, but phone it in to our merchant bank, they will also require a CVV Code. However, the last time we actually phoned something in was perhaps in 97 or 98 ...

 

So, long story short ... Don't process cards in an off-line manner if it involves too much manual intervention.

[Ulysses]

Ok... I was a bit puzzled about this requirement at first, but this is simply because the way in which you present the card details to your merchant processor, is in fact a "new" single transaction.

 

I don't doubt that AMEX requires this for all "new" single transactions, but if you inquire about it, I am sure there is a way to do this without storing the card's CVV. This may entail using a payment gateway of some sorts.

 

We deal with AMEX too, and if we do not go through the our AuthNet payment gateway, but phone it in to our merchant bank, they will also require a CVV Code. However, the last time we actually phoned something in was perhaps in 97 or 98 ...

 

So, long story short ... Don't process cards in an off-line manner if it involves too much manual intervention.

Yes trine, but card companies have different requirements in different countries, and I'm only concerned with Amex AU.

 

You are quite right about the "first new" transaction concept, but sadly, down here, the only way we can do it is using this Amex procedure: Express Cap American Express transactions guide

 

Last time we processed Amex payments was 1 March 2007, so we are up-to-date with what they require.

 

We prefer not to use a third party merchant company to process cards because:

a) It costs more than dealing directly with Amex

b) Does not allow us to reject a potential customer (which we often do)

c) Open to fraud (unless yet more money is spent on fraud protection)

d) Unneccssary as we are already an Amex merchant

 

I'm sure there's a way for us to receive the information prospective clients want to send to us via this script, in order to purchase our services.

[webarama]

Surely you're not the only one in Australia faced with this issue? Did you take my advice from earlier today and call AMEX to ask them for suggestions? I am sure they will have some advice for you.

[Ulysses]

Surely you're not the only one in Australia faced with this issue? Did you take my advice from earlier today and call AMEX to ask them for suggestions? I am sure they will have some advice for you.

Mate, the advice I'm after is how to get the info prospective clients send us via this script. Amex is not the problem.

[webarama]

Matt has replied to you already, and it didn't seem to me like he was rushing off to make changes to accomodate you, so I am attempting to assist you (though I am wondering why I am bothering).

 

I understand that AMEX is not the problem, but maybe, just maybe, there's another merchant just like you faced with just the same issue that they have been able to help in the past. And maybe they could give you some assistance.

 

You have spent the entire day on here trying to get answers, but you haven't picked up the phone and asked them. That seems fairly silly to me. If I was after an answer, I would investigate all avenues, not just one.

[Ulysses]

Matt,

 

I do appreciate your input and suggestions, though you must agree that it is way easier to write a few lines of code to get a script to do what you want, than to implement change in a multi-national monolith like Amex.

 

In any event, this thread is now (I think) way off topic in that it is primarily about the script and not the card company and it's do's and dont's.

 

Cheers

[trine]

Ulysses,

 

Short of a payment gateway, you haven't many options to resolve this, without storing the card CVV.

 

I haven't tried the offline credit card plug, but does that allow the end-user to enter a CVV, and then you process it manually?

 

The only other thing I would think of is to re-write the WHMCS payment plug, and to add a line to mail you the CVV code or store it in a table with a reference to the original card.

[Ulysses]

trine,

 

I'm leaning towards your "only other thing" idea myself. We'll have a closer look at how it all works during the trials before we go live with it. But it's a well written script so I'm sure it will be a worthwhile investment.