Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Need help sending customers IP to authorize.net


danho

Recommended Posts

Recently we have been getting a lot of spammers/botters using hundreds of credit cards a day. After speaking with Authorize.net they said if the customers Ip address is being sent with the transaction it would help them prevent the fraud that is trying to take place.

I am not sure how to accomplish this. I am pretty new to using Authorize.net AIM. If anyone knows how to set it up to include the customers Ip address it would be much appreciated, Or any insight I'm sure would help.

Link to comment
Share on other sites

Sorry IamJim, I'm somewhat confused as well. From looking through the AIM code I see the line:

 

'x_customer_ip' => tep_get_ip_address(),

 

So, It seems that AIM is getting the customer's IP, But is it automatically sending it to authorize.net?

I don't think it is because when I download the transaction from authorize.net I don't see an IP anywhere in the file.

I don't know if something needs to be changed or if AIM is sending the info to authorize, just not saving it in the transaction. Any clarification would really help.

Link to comment
Share on other sites

  • 1 month later...

Sorry IamJim, I'm somewhat confused as well. From looking through the AIM code I see the line:

 

'x_customer_ip' => tep_get_ip_address(),

 

So, It seems that AIM is getting the customer's IP, But is it automatically sending it to authorize.net?

I don't think it is because when I download the transaction from authorize.net I don't see an IP anywhere in the file.

I don't know if something needs to be changed or if AIM is sending the info to authorize, just not saving it in the transaction. Any clarification would really help.

 

danho;

I am having the same problems, both with the credit card spammers currently, and getting the ip address passed along.

It would be great if we could both find the help to set this up. Authorize.net tells you to contact your web developer, which unfortunately is me..., I know enough to be dangerous lol

 

What I need, is someone who could point out where on a installed and operating OSCommerce 2.2 version would I find the file or add the file so that i.p. addresses are passed along via AIM to authorize.net.

Where is the following code located or should it be located on an installed store ?

'x_customer_ip' => tep_get_ip_address(),

Is there anything else that needs to be set up, any sort of table in the database or any other setting needed to capture this info. ?

 

 

 

What I have done for now is change my settings in Authorize.net under the daily velocity section. This allows me to specify how many transactions, or attempts at transactions can be tried per day.

My plan allows for 250 transactions free per month. The spammers can easily hit this in one day, after that there is a per transaction / authorization charge, mine is 5 cents per attempt. Even if the attempt fails, you get charged a nickle each.

You have only 5 days to log into Authorize.net and approve or decline the transactions. After that they are deleted. So for now, this si slowing them down, but not stopping them.

If you pay for their advanced detection suite, there is a feature that allows you to ban traffic from i.p. addresses, so that they can not even attempt to authorize a card. This is what they are really trying to do, to see if a card number is good.

Getting the i.p. address may or may not really help in the end. Most will be smart enough to change the i.p. address and use another I would assume, but i have one now that has used the same I.P. address for 2 days in a row.

I was lucky enough to be online twice when they were and I used the who is online tool in the oscommerce cart to get the i.p. address.

I deleted their member names but they come back and register a new one of course.

The other problem so far with this, is that if a legitimate customer comes in and places an order, they get a message that the card info is being reviewed.

The order also does not pass along, as it is not a successful order as far as the cart is concerned.

There is some info in the Authorize.net transaction page that shows what they ordered, but it is not all of the info, and of course it will not show up on the store if you do manually approve it.

Since I like to use the store for all of the record eeping needs, this is inconvenient to say the least.

 

Any help would be greatly appreciated !

Link to comment
Share on other sites

danho;

 

I got it working for me, hope this helps you.

I am using: osCommerce Online Merchant v2.2 RC2a.

 

Via FTP, I downloaded the file authorizenet_aim.php that is stored here on my installation (yours may vary slightly ): /httpdocs/catalog/includes/modules/payment

 

Look for the following code:

 // Populate an array that contains all of the data to be submitted
     $submit_data = array(
       'x_login'               => MODULE_PAYMENT_AUTHORIZENET_AIM_LOGIN, // The login name as assigned to you by authorize.net
       'x_tran_key'            => MODULE_PAYMENT_AUTHORIZENET_AIM_TXNKEY,  // The Transaction Key (16 digits) is generated through the merchant interface
       'x_relay_response'      => 'FALSE', // AIM uses direct response, not relay response
       'x_delim_char'          => '|',
       'x_delim_data'          => 'TRUE', // The default delimiter is a comma
       'x_version'             => '3.1',  // 3.1 is required to use CVV codes
       'x_type'                => MODULE_PAYMENT_AUTHORIZENET_AIM_AUTHORIZATION_TYPE == 'Authorize' ? 'AUTH_ONLY': 'AUTH_CAPTURE',
       'x_method'              => 'CC',
       'x_amount'              => number_format($order->info['total'], 2),
       'x_card_num'            => $_POST['authorizenet_aim_cc_number'],
       'x_exp_date'            => $_POST['authorizenet_aim_cc_expires_month'] . substr($_POST['authorizenet_aim_cc_expires_year'], -2),
       'x_card_code'           => $_POST['authorizenet_aim_cc_cvv'],
       'x_email_customer'      => MODULE_PAYMENT_AUTHORIZENET_AIM_EMAIL_CUSTOMER == 'True' ? 'TRUE': 'FALSE',
       'x_email_merchant'      => MODULE_PAYMENT_AUTHORIZENET_AIM_EMAIL_MERCHANT == 'True' ? 'TRUE': 'FALSE',
       'x_cust_id'             => $_SESSION['customer_id'],
       'x_invoice_num'         => $new_order_id,
       'x_first_name'          => $order->billing['firstname'],
       'x_last_name'           => $order->billing['lastname'],
       'x_company'             => $order->billing['company'],
       'x_address'             => $order->billing['street_address'],
       'x_city'                => $order->billing['city'],
       'x_state'               => $order->billing['state'],
       'x_zip'                 => $order->billing['postcode'],
       'x_country'             => $order->billing['country']['title'],
       'x_phone'               => $order->customer['telephone'],
       'x_email'               => $order->customer['email_address'],
       'x_ship_to_first_name'  => $order->delivery['firstname'],
       'x_ship_to_last_name'   => $order->delivery['lastname'],
       'x_ship_to_address'     => $order->delivery['street_address'],
       'x_ship_to_city'        => $order->delivery['city'],
       'x_ship_to_state'       => $order->delivery['state'],
       'x_ship_to_zip'         => $order->delivery['postcode'],
       'x_ship_to_country'     => $order->delivery['country']['title'],
       'x_description'         => $description,
'x_customer_ip' 	=> tep_get_ip_address(),
       'x_test_request'        => (MODULE_PAYMENT_AUTHORIZENET_AIM_TESTMODE == 'Test' ? 'TRUE' : 'FALSE'),

 

If you look at the next to last line, you will see what and where I added the make it work.

I added this

  'x_customer_ip'         => tep_get_ip_address(),

I tried it with a transaction of my own and it is indeed working for me.

 

As I mentioned before, I am not planning on using the advanced fraud detection suite they offer, but rather will use the i.p. address from the attempts to try and stop them with a different method. :thumbsup:

Please let me know if this works for you !

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...