My Merchant Account Blog
My Merchant Account Blog should help you with your merchant account and electronic payment gateway. Also
hopefully it will help explain some fraud attempts and how to notice fraud
on your orders.
Search My Merchant Account Blog
My Merchant Account Blog Categories
- Domain Names (1)
- Electronic Payment Gateways (4)
- LinkPoint (3)
- Merchant Accounts (38)
- Miscellaneous (10)
- Security (8)
- Web Hosting and Design (4)
My Merchant Account Blog Archives
- September 2008
- April 2008
- March 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
My Merchant Account Blog Recent Entries
- AVS Response Codes from LinkPoint API
- Credit Card Testing Numbers
- The LinkPoint Gateway
- The Security of Your Customers
- Payment Application Best Practices from Visa
- Let Me Use Your Merchant Account
- Our Grand Opening
- How to Handle a Large Order
- People Sending One Cent via Paypal
- Merchandise Not Received
Other Blogs
Pod Casts
SiteMap
AVS Response Codes from LinkPoint API
Sunday, September 28, 2008
When passing an Internet order via the LinkPoint API, a response will be sent back to your shopping cart. In this response, there will be numbers and letters. The response code will look something like:0097820000019564:YNAM:12345678901234567890123:
The first two letters (YN) is the AVS response. The numeric portion of the customer's address and ZIP code will be compared to the billing address on file from the card issuing bank. For example, if the address is 1234 Main St, Beverly Hills, CA, 90210. The numbers 1234 90210 will be compared. In the example above, the address matched (1234) but the ZIP code did not match.It is also important to know that the AVS has some limitations:
- The AVS is not always reliable; bad results can be triggered unnecessarily because people move, or report five-digit zip codes and some report nine-digit ZIP codes. This may generate a response stating that the address matches, but the ZIP code does not match.
- The AVS does not process most addresses outside the United States. If you decide to ship only to addresses with good AVS results, you will leave out most international orders.
The third letter comes from the card association and will vary. This letter will help you know how much more vetting needs to be done. Most shopping carts can be configured as well to understand these letters and immediately let the customer know if he needs to contact you, as the merchant, to verify the order.
| AVS Code | Visa | MasterCard | American Express |
Discover | Description |
|---|---|---|---|---|---|
| YY | Y | Y | A | Y | Address and ZIP code match |
| NY | Z | Z | Z | Z | Only the ZIP code matched |
| YN | A | A | Y | A | Only the numeric part of the address matched |
| NN | N | N | N | N | Neither the address or ZIP code matched |
| XX | - | W | - | - | Card number not on file |
| XX | U | U | U | U | Address information not verified for domestic transaction. |
| XX | R | - | R | R | Retry - system unavailable |
| XX | S | - | S | S | Service not supported |
| XX | E | - | - | - | AVS not allowed for card type. |
| XX | - | - | - | - | Address verification has been requested, but not received. |
| XX | G | - | - | - | Global non-AVS participant. Normally an international transaction. |
| YN | B | - | - | - | Street address matches for international transaction; Postal code not verified. |
| NN | C | - | - | - | Street address and Postal code not verified for international transaction. |
| YY | D | - | - | - | Street address and Postal code match for international transaction. |
| YY | F | - | - | - | Street address and Postal code match for international transaction. (UK Only) |
| NN | I | - | - | - | Address information not verified for international transaction. |
| YY | M | - | - | - | Street address and Postal code match for international transaction. |
| NY | P | - | - | - | Postal codes match for international transaction; Street address not verified. |
Check with your shopping cart vendor if these variables are not already programmed in your checkout process. It is up to you, the merchant, to decide if the transaction is fraudulent or not.
Credit Card Testing Numbers
Saturday, April 12, 2008
When you complete a credit card transaction on an electronic payment gateway, chances are very good you will be charged for the transaction. The transaction is going through a transaction provider and to a card association (Visa / MasterCard / Discover / American Express). The card association charges a fee to access their environment. To overcome this, LinkPoint created staging servers. Through this staging server, a web developer can mimic a transaction to verify the transaction and response.Since credit card numbers are developed using the Lunh's method or mod-10 algorithm, not just any number that meets these requirements can be sent. These test credit card numbers can be used on your live LinkPoint account. If you use these credit card numbers on your live (production) LinkPoint account, your account will be charged accordingly. If these numbers are used on a testing (staging) server, no fees will be collected.
| Card Type | Card Number | Exp Date |
Amount | Number of Digits |
|---|---|---|---|---|
| Visa | 4005550000000019 | current mm/yy |
$1.00 | 16 digits |
| MasterCard | 5424180279791765 | current mm/yy |
$1.00 | 16 digits |
| Discover | 6011000993010978 | current mm/yy |
$1.00 | 16 digits |
| American Express (Corporate) |
372700997251009 | current mm/yy |
$1.00 | 15 digits |
If the numbers above are used on your production (live) account, you will receive an approved response.
If you need to receive a declined transaction on your live LinkPoint account, use these numbers:
| Card Type | Card Number | Expiration Date |
Number of Digits |
|---|---|---|---|
| Visa | 4111111111111111 | any mm/yy | 16 digits |
| Visa | 4012888888881881 | any mm/yy | 16 digits |
| MasterCard | 5215521552155215 | any mm/yy | 16 digits |
| MasterCard | 5105105105105100 | any mm/yy | 16 digits |
| American Express (Corporate) |
378282246310005 | any mm/yy | 15 digits |
| American Express | 371449635398431 | any mm/yy | 15 digits |
| Discover | 6011111111111117 | any mm/yy | 16 digits |
| Discover | 6011000990139424 | any mm/yy | 16 digits |
| JCB | 3530111333300000 | any mm/yy | 16 digits |
| JCB | 3566002020360505 | any mm/yy | 16 digits |
Keep in mind that if you use your live LinkPoint account for any transaction, you will be charged. The test store from LinkPoint comes with the LinkPoint Basic / HTML, LinkPoint API, and LinkPoint Virtual terminal. You will be able to mimic LinkPoint transactions in a testing environment with be assessed any fees.
The LinkPoint Gateway
The LinkPoint Gateway is one of the larger electronic payment gateways in the United States. It was one of the first Internet payment gateways to offer a staging server for web developers. For some of its competitors, it was years before they offered a testing environment.After First Data completely owned 100% of Cardservice International, the LinkPoint gateway was the largest electronic payment gateway using First Data's platforms. The LinkPoint payment gateway was still being branded as YourPay through some of First Data's partner channels. And LinkPoint basically consumed the SurePay electronic payment gateway through mergers and acquisitions.
You might still hear YourPay being used today, but the LinkPoint gateway can also be called Integrated Internet Payments (IIP).
The Security of Your Customers
Wednesday, March 19, 2008
So I know in the past, we have always talked about credit card security, PCI Compliance, etc. But I would also like to remind you about your customer's usernames and passwords. How are these being stored? A lot of shopping carts will store this information in plain text. If the passwords are being stored in plain text and you have a server compromised, your users' information might be readily available for the hackers.Most shopping will store the information in a database like Microsoft Access, mysql, or MSSQL. You should be able to view the databases somehow, either though phpMyAdmin, Microsoft Access, or Microsoft SQL Server 2000 Desktop Engine (something similar). How you access this information is usually established when you choose a web hosting provider. Some will allow you to access the information also via an Open Database Connectivity (ODBC).
When you are viewing these tables and records, look for the table that stores your user's information, especially the password table. Are the passwords encrypted? If not, you should consider getting another shopping cart or contact the vendor for assistance to enable secure passwords.
A lot of consumers use the same password for everything. While this is a great risk to them, it is the quickest way for consumers to get to their information. This is the reason you want to protect them as much as possible.
Your Shopping Cart Password
First and foremost, your administrator password should be changed immediately when you start to add your items. Don't wait until you are going live - you have too much on you mind by then. Your password should contain letters, numbers and maybe a couple of extra characters like %, !, *, {, etc. The harder it is for you to remember, the better.Did you know that by changing your password from the vendor-supplied password, you have already met one of the requirements for PCI DSS?
Password Strength and Security
When new customers are signing up, your website should ask them for a unique password. And explain to them why your company is asking for this information. Password checker is also a great website to have them check their password strength.And when asking users to create an account, their session should be in a secure. This will help to protect them when they are entering their username and password. Even if you use a third party processor or have one of the electronic payment gateway's web page handle the transaction, if you are asking for a password, the page should be secure.