Q: How do I issue a refund using Authorize.Net?

A: To issue a refund using Authorize.Net, log in to your account and navigate to the Transactions tab. Find the transaction you want to refund, click on it, and then click the Refund button. Enter the refund amount and any necessary information, then click Submit.

To issue a refund using the Virtual Terminal, follow these steps:

1. Log into the Merchant Interface.
2. Click Virtual Terminal from the left side menu.
3. Under Select Payment Method choose Refund a Credit Card 
4. Provide customer information as requested on the Virtual Terminal screen. Minimum information needed to issue a refund includes the original transaction ID, the last four digits of the account that was charged, and the amount of the refund.
5. When issuing a refund for a transaction, the transaction ID assigned to the original transaction must be entered in the "Original Transaction ID" field. The Transaction ID can be located by viewing the original transaction details.
6. In a transaction details, only the last four digits of the credit card number or bank account are viewable.
7. Click Submit.

Q: How can I test a transaction using Authorize.Net's Virtual Terminal?

A: To test a transaction using Virtual Terminal, log in to your Authorize.Net account and go to Virtual Terminal. Enter the credit card number (e.g., 4111111111111111), expiration date, and the 3 or 4 digit number for the CVV code. For the address, use a valid address format. Click Submit to process the charge. The results of the charge attempt will be provided on the next page.

What is the purpose of the API Login ID, Transaction Key, Signature Key and Public Key for Authorize.net, and how can I obtain them?

The API Login ID and Transaction Key are unique to your account. They are used to connect your website or other integrated business application to the Authorize.net Payment Gateway for transaction processing. Please note that they are not valid for logging into the Merchant Interface. The API Login ID is sensitive account information and should only be shared on a need-to-know basis, for example with your Web developer for the purposes of integration with the payment gateway. 

API Login ID

The API Login ID is a complex value that identifies your account to the payment gateway when submitting transaction requests from your website. The API Login ID is at least eight characters in length and includes uppercase and lowercase letters, numbers, and/or symbols.

Transaction Key

The Transaction Key is a 16-character alphanumeric value that is randomly generated in the Merchant Interface and is used as an additional layer of authentication when submitting transaction requests from your website. The Transaction Key will not be visible at any other time in the Merchant Interface. You must record it temporarily or copy and paste it to a secure file location immediately. Like the API Login ID, the Transaction Key is sensitive account information and should only be shared on a need-to-know basis, for example with your Web developer for the purposes of integration with the payment gateway.

Steps to Generate Your API ID and Transaction Key

1. Sign into the Merchant Interface.

1. Select Account from the main toolbar.

1. Under Security Settings, select API Credentials & Keys.

1. Based on the need and integration, select New Transaction Key or New Signature Key.

1. To disable the old Transaction or Signature Key, check the box labeled Disable Old Transaction/Signature Key Immediately.

1. If the Disable Old Transaction/Signature Key check box is not selected, the old Transaction or Signature Key will automatically expire in 24 hours. 

1. Select Submit to continue.

1. Request and enter PIN for verification.

1. Your new Transaction/Signature Key is displayed.
   

Q: What are some common error codes when using Authorize.Net?

A: Some common error codes you may encounter when using Authorize.Net include:

E00027: This error indicates that the transaction was declined due to an invalid payment method.

E00039: This error occurs when the transaction is not allowed based on the current account settings.

E00040: This error indicates that the transaction was declined due to an issue with the card number.

E00041: This error occurs when the transaction is declined due to an issue with the card expiration date.

E00054: This error indicates that the transaction was declined due to an issue with the card CVV code.

If you encounter any of these errors, double-check the payment information you entered and ensure that your account settings are configured correctly.

How to access and setup Advance Fraud Detection Suite?

1. Log into the Merchant Interface.

1. Click Fraud Detection Suite in the main left side menu.

1. Click Setup Wizard.

1. Follow every step in the Wizard, so your settings will be successfully applied.
   

You can navigate through the wizard using Save (to save the changes) or Back (to go back to a previous setting) buttons located at the bottom of the page. If you decide not to enable a certain filter or setting right away, simply click Skip›› at the bottom of the page. The only time settings are saved is when you click the Save button (regardless of whether you clicked the check box to enable the filter). You can click Exit at any time to leave the Wizard, or wait until the end to click Finish. Regardless of if you leave the Wizard early or not, any settings you save will stay saved.

Advance Fraud Detection Suite Filters and Tools

Card Testing Settings: These filters help protect your account from abuse by fraudsters who are testing credit cards, and let you identify high-volume fraud attacks.

Daily Velocity Filter: This filter allows you to specify a threshold for the number of transactions allowed per day. All transactions exceeding the threshold in that day will be flagged and processed according to the filter action.

Hourly Velocity Filter: This filter allows you to specify a threshold for the number of transactions allowed per hour. All transactions exceeding the threshold will be flagged and processed according to the filter action.

Suspicious Transaction Filter: This filter triggers on highly suspicious transactions using proprietary criteria identified by Authorize.net. All transactions that meet this criteria will be flagged and processed according to the filter action.

Transaction IP Velocity Filter: This filter allows you to specify the maximum number of transactions allowed from the same Internet protocol (IP) address per hour. All transactions that meet this criteria will be flagged and processed according to the filter action. Advanced Integration Method (AIM) transactions must include the customer IP address (x_customer_ip) and user of Authorize.net API must include customerIP in order to use this tool.

Transaction Settings: These filters let you identify high risk transactions through Address Verification, Card Code Verification, and setting a maximum order amount.

Enhanced AVS Handling Filter: The Address Verification Service (AVS) is a standard feature of the payment gateway that compares the address submitted with an order to the address on file with the customer's credit card issuer. Merchants can then choose to reject or allow transactions based on the AVS response codes. AFDS includes an AVS filter that assists the decision process by allowing merchants the additional options of flagging AVS transactions for monitoring purposes, or holding them for manual review.

Enhanced CCV Handling Filter: Like AVS, Card Code Verification (CCV) is a standard feature of the payment gateway. CCV uses a card's three- or four-digit number to validate customer information on file with the credit card association. Like the AVS Filter, the CCV Filter allows merchants the additional options of flagging CCV transactions for monitoring purposes, or holding them for manual review.

Amount Filter: Set lower and upper transaction amount thresholds to restrict high-risk transactions often used to test the validity of credit card numbers. Transactions that are submitted with an amount less than your lower limit or greater than your upper limit will be flagged and processed according to the filter action selected. Be careful when setting an upper limit amount, as any combination of higher priced items may be purchased. You may want to search your transaction history for the highest transaction amounts you've processed in the past to determine an appropriate upper limit.

E-Commerce Settings: These filters help prevent common e-commerce fraud scenarios by verifying and comparing billing addresses, shipping addresses, and IP address locations.

Shipping Address Verification Filter: Verifies that the shipping address received with an order is a valid postal address.

IP Shipping Address Mismatch Filter: Compare the shipping address provided with an order to the IP address of where the order originated from. This helps to determine whether or not the order is shipping to the country from which it originated. Advanced Integration Method (AIM) transactions must include the customer IP address (x_customer_ip) and user of Authorize.net API must include customerIP in order to use this tool.

Regional IP Address Filter: Flag orders coming from specific regions or countries. You can choose to customize the filter actions based on an entire geographic area, or select country by country how to process transactions flagged by the filter.

Shipping-Billing Mismatch Filter: Identify high-risk transactions with different shipping and billing addresses, potentially indicating purchases made using a stolen credit card. If the two addresses do not match, the transaction is flagged and processed according to the filter action selected. This filter does not consider extra white spaces (the space key) at the end of the address information and is not case sensitive when checking for a mismatch. You may want to keep in mind that address mismatches are common with gift transactions and do not always indicate suspicious transactions. In order to use this filter, you must require both shipping and billing address information on your website's payment form; otherwise the filter cannot compare information.

IP Address Administration: These filters let you block specific customers’ IP addresses to prevent known sources of fraud. If you use our APIs, you may also specify which server IP addresses should be trusted by the payment gateway.

Authorized API IP Addresses: Configure a list of authorized server IP addresses from which API transactions will be accepted by the payment gateway. Any API transaction submitted from an IP address not included on this list will be rejected.

IP Address Blocking: IP Address Blocking allows you to block transactions submitted from IP addresses known to be the source of suspicious or fraudulent transactions. Advanced Integration Method (AIM) transactions must include the customer IP address (x_customer_ip) and user of Authorize.net API must include customerIP in order to use this tool.

Actions that can be performed on these filters

Process as normal and report filter(s) triggered: When this action is selected, transactions that trigger this filter are processed as normal, but are also reported in the Merchant Interface as triggering this filter. This action is useful if you want to "test" your filter settings.

Authorize and hold for review: When this action is selected, transactions that trigger this filter are sent for authorization, and upon successful authorization are placed in the Authorized/Pending Review state. Once in Authorized/Pending Review, you will have 30 days to manually review and either approve or void the transaction. If no action is taken in the 30-day period, the transaction will expire. This action is useful if you want to review authorized transactions prior to submitting for settlement.

Do not authorize, but hold for review: When this action is selected, transactions that trigger this filter are placed in the Pending Review state prior to being sent for authorization. Once in Pending Review, you will have 5 days to manually review and either approve or decline the transaction. Once you approve the transaction, it is sent for authorization. If no action is taken in the 5-day period, the transaction will expire. This action is useful if you want to review transactions prior to authorization to avoid incurring any associated authorization fees.

Decline the transaction: When this action is selected, transactions that trigger the filter will be declined automatically prior to authorization. This is the most severe action you can take for a transaction.

What is Address Verification Service (AVS) and how to use and configure it?

You can configure the AVS filter settings in the Merchant Interface to specify when a transaction should be rejected based on the results of the AVS match. The following result codes are possible:

What is Card Code Verification (CVV) and how to use and configure it?

You can configure the CCV filter settings in the Merchant Interface to specify when a transaction should be rejected based on the results of the CCV match. The following result codes are possible:

Why was my credit card transaction declined?

How to Review Transaction Details

1. Log into the Merchant Interface.
2. Click Transaction Search from the main toolbar.
3. Enter the relevant search criteria to find the transaction.
4. Click Search at the bottom of the page.
5. Click the appropriate Transaction ID to review the transaction details.

On the Transaction Detail page, the transaction status Declined is displayed directly under the Transaction ID. A brief reason for the decline may be provided in parenthesis.

Common Decline Messages and Information

Here are some common decline messages and information about the decline types:

Declined (Card declined by issuer - contact card issuer to determine reason.)

The customer's credit card issuing bank did not approve the transaction. This could be due to insufficient funds, frozen account status, invalid credit card number or expiration date, etc. The customer will need to contact the card issuing bank for more information. One way to recognize a bank decline is to look at the transaction's Address Verification Service (AVS) status in the Authorization Information section of the Transaction Detail page. If it shows AVS Not Applicable (P), this generally means that no verification of the address information was initiated as the transaction was declined beforehand.

Declined (Contact card issuer to complete transaction.)

A referral to a voice authorization center was received. Please call the appropriate voice authorization number below for the card type being used:

Declined (Card reported lost or stolen - contact card issuer for resolution.)

The transaction status means that the credit card has been reported as lost or stolen. The credit card company is informing you, as the merchant, that this card should be taken from the customer and destroyed. We understand this is impossible if the transaction was made via the Internet. In any case, you may contact the customer to inform them of the card's status, and seek another method of payment.

Declined (AVS Mismatch) or (Card Code Mismatch)

This means the transaction was declined due to the Address Verification Service (AVS) or Card Code Verification (CCV) results. AVS compares the billing address (numerical portions) provided in a transaction with the cardholder's address on file at the credit card issuing bank. CCV compares the card code (a three- or four-digit security code that is printed on the credit card) provided in a transaction with the card code on file at the credit card issuing bank. When enabled, both services return a code to the payment gateway indicating the verification results. You can configure settings for AVS and CCV in the Merchant Interface to decline transactions based on those codes.

Declined (The transaction was declined as a result of triggering a Fraud Detection Suite filter.)

If the account has Fraud Detection Suite (FDS) or Advanced Fraud Detection Suite (AFDS) enabled, you can configure the payment gateway to decline transactions that trigger specific FDS filters.

Declined Reason Codes

Authorize.net may not provide specific reasons for a particular decline, but here are some common decline reasons along with their associated Response Reason Codes: