In the gateway settings in CT for Authorize.net, it says that the required form fields are:
credit_card_number
expiration_year
expiration_month

Is this the only data that CT is passing to Authorize.net? And if so, how do I (or can I) add additional fields that get verified with Authorize.net (like the card security code, billing name, and billing address)?

Thanks,

—Carl.

Those required fields are just a preliminary check for form submission, and are not indicative of all the fields that are submitted to Authorize.net.

Billing, shipping, and security code information are all being passed.

If you’d like, you can make more fields be required to contain data before being processed by Authorize.net by adding a required parameter to your checkout form. Link to docs.

Thanks for the reply. It doesn’t seem like authorize.net is checking anything beyond the credit card number and expiration date. I can place orders with wrong billing name, wrong billing address, even a wrong security code. I have nearly every field in my checkout form set to be required on the CT side of things—both billing and shipping name and address info, as well as all the credit card information.

I have both CT and authorize.net in “test” mode—would that effect it at all?

My authorize.net merchant email receipts all say:

Type : Authorization and Capture

and

Address Verification : AVS Not Applicable

Any help/pointers greatly appreciated.

Thanks,

—Carl.

Also, per something I read in another forum post, I tried leaving CT in test mode, but putting authorize.net in live mode… Didn’t seem to have any impact.

AVS needs to be turned on in your Authorize.net settings. It’s not a CT setting. It’s an Authorize.net account setting. You’ll need to turn it on, and fine tune the settings. Authorize.net should be in live mode, and CT itself should be in test mode for testing purposes. To use AVS though, I believe that only runs on live transactions.. but I could be wrong on that.

Generally speaking though, I recommend paying CLOSE attention to Authorize.net AVS errors after you set it up. It’s very restrictive out of the box, so you’ll get a LOT of declined transactions. Generally, you’ll need to ease up a bit on some of the settings for it to work well for you.

Thanks. Just curious: when CartThrob is in “test” mode, what does it do differently when it sends info to authorize.net? Guess I’m just nervous about having authorize.net in “live” mode during testing.

There is an x_test_request field that gets set to TRUE or FALSE depending on mode.

From the Authorize.net API:

Transactions posted against live merchant accounts using this testing method are not submitted to financial institutions for authorization and are not stored in the Merchant Interface.