danho Posted December 29, 2009 Share Posted December 29, 2009 Recently we have been getting a lot of spammers/botters using hundreds of credit cards a day. After speaking with Authorize.net they said if the customers Ip address is being sent with the transaction it would help them prevent the fraud that is trying to take place. I am not sure how to accomplish this. I am pretty new to using Authorize.net AIM. If anyone knows how to set it up to include the customers Ip address it would be much appreciated, Or any insight I'm sure would help. Quote Link to comment Share on other sites More sharing options...
IamJim Posted January 2, 2010 Share Posted January 2, 2010 Hi, I am confused...as inside Authnet...the already record the IP address Quote Link to comment Share on other sites More sharing options...
danho Posted January 4, 2010 Author Share Posted January 4, 2010 Sorry IamJim, I'm somewhat confused as well. From looking through the AIM code I see the line: 'x_customer_ip' => tep_get_ip_address(), So, It seems that AIM is getting the customer's IP, But is it automatically sending it to authorize.net? I don't think it is because when I download the transaction from authorize.net I don't see an IP anywhere in the file. I don't know if something needs to be changed or if AIM is sending the info to authorize, just not saving it in the transaction. Any clarification would really help. Quote Link to comment Share on other sites More sharing options...
Xtreme Graphics Posted February 13, 2010 Share Posted February 13, 2010 Sorry IamJim, I'm somewhat confused as well. From looking through the AIM code I see the line: 'x_customer_ip' => tep_get_ip_address(), So, It seems that AIM is getting the customer's IP, But is it automatically sending it to authorize.net? I don't think it is because when I download the transaction from authorize.net I don't see an IP anywhere in the file. I don't know if something needs to be changed or if AIM is sending the info to authorize, just not saving it in the transaction. Any clarification would really help. danho; I am having the same problems, both with the credit card spammers currently, and getting the ip address passed along. It would be great if we could both find the help to set this up. Authorize.net tells you to contact your web developer, which unfortunately is me..., I know enough to be dangerous lol What I need, is someone who could point out where on a installed and operating OSCommerce 2.2 version would I find the file or add the file so that i.p. addresses are passed along via AIM to authorize.net. Where is the following code located or should it be located on an installed store ? 'x_customer_ip' => tep_get_ip_address(), Is there anything else that needs to be set up, any sort of table in the database or any other setting needed to capture this info. ? What I have done for now is change my settings in Authorize.net under the daily velocity section. This allows me to specify how many transactions, or attempts at transactions can be tried per day. My plan allows for 250 transactions free per month. The spammers can easily hit this in one day, after that there is a per transaction / authorization charge, mine is 5 cents per attempt. Even if the attempt fails, you get charged a nickle each. You have only 5 days to log into Authorize.net and approve or decline the transactions. After that they are deleted. So for now, this si slowing them down, but not stopping them. If you pay for their advanced detection suite, there is a feature that allows you to ban traffic from i.p. addresses, so that they can not even attempt to authorize a card. This is what they are really trying to do, to see if a card number is good. Getting the i.p. address may or may not really help in the end. Most will be smart enough to change the i.p. address and use another I would assume, but i have one now that has used the same I.P. address for 2 days in a row. I was lucky enough to be online twice when they were and I used the who is online tool in the oscommerce cart to get the i.p. address. I deleted their member names but they come back and register a new one of course. The other problem so far with this, is that if a legitimate customer comes in and places an order, they get a message that the card info is being reviewed. The order also does not pass along, as it is not a successful order as far as the cart is concerned. There is some info in the Authorize.net transaction page that shows what they ordered, but it is not all of the info, and of course it will not show up on the store if you do manually approve it. Since I like to use the store for all of the record eeping needs, this is inconvenient to say the least. Any help would be greatly appreciated ! Quote Link to comment Share on other sites More sharing options...
Xtreme Graphics Posted February 13, 2010 Share Posted February 13, 2010 danho; I got it working for me, hope this helps you. I am using: osCommerce Online Merchant v2.2 RC2a. Via FTP, I downloaded the file authorizenet_aim.php that is stored here on my installation (yours may vary slightly ): /httpdocs/catalog/includes/modules/payment Look for the following code: // Populate an array that contains all of the data to be submitted $submit_data = array( 'x_login' => MODULE_PAYMENT_AUTHORIZENET_AIM_LOGIN, // The login name as assigned to you by authorize.net 'x_tran_key' => MODULE_PAYMENT_AUTHORIZENET_AIM_TXNKEY, // The Transaction Key (16 digits) is generated through the merchant interface 'x_relay_response' => 'FALSE', // AIM uses direct response, not relay response 'x_delim_char' => '|', 'x_delim_data' => 'TRUE', // The default delimiter is a comma 'x_version' => '3.1', // 3.1 is required to use CVV codes 'x_type' => MODULE_PAYMENT_AUTHORIZENET_AIM_AUTHORIZATION_TYPE == 'Authorize' ? 'AUTH_ONLY': 'AUTH_CAPTURE', 'x_method' => 'CC', 'x_amount' => number_format($order->info['total'], 2), 'x_card_num' => $_POST['authorizenet_aim_cc_number'], 'x_exp_date' => $_POST['authorizenet_aim_cc_expires_month'] . substr($_POST['authorizenet_aim_cc_expires_year'], -2), 'x_card_code' => $_POST['authorizenet_aim_cc_cvv'], 'x_email_customer' => MODULE_PAYMENT_AUTHORIZENET_AIM_EMAIL_CUSTOMER == 'True' ? 'TRUE': 'FALSE', 'x_email_merchant' => MODULE_PAYMENT_AUTHORIZENET_AIM_EMAIL_MERCHANT == 'True' ? 'TRUE': 'FALSE', 'x_cust_id' => $_SESSION['customer_id'], 'x_invoice_num' => $new_order_id, 'x_first_name' => $order->billing['firstname'], 'x_last_name' => $order->billing['lastname'], 'x_company' => $order->billing['company'], 'x_address' => $order->billing['street_address'], 'x_city' => $order->billing['city'], 'x_state' => $order->billing['state'], 'x_zip' => $order->billing['postcode'], 'x_country' => $order->billing['country']['title'], 'x_phone' => $order->customer['telephone'], 'x_email' => $order->customer['email_address'], 'x_ship_to_first_name' => $order->delivery['firstname'], 'x_ship_to_last_name' => $order->delivery['lastname'], 'x_ship_to_address' => $order->delivery['street_address'], 'x_ship_to_city' => $order->delivery['city'], 'x_ship_to_state' => $order->delivery['state'], 'x_ship_to_zip' => $order->delivery['postcode'], 'x_ship_to_country' => $order->delivery['country']['title'], 'x_description' => $description, 'x_customer_ip' => tep_get_ip_address(), 'x_test_request' => (MODULE_PAYMENT_AUTHORIZENET_AIM_TESTMODE == 'Test' ? 'TRUE' : 'FALSE'), If you look at the next to last line, you will see what and where I added the make it work. I added this 'x_customer_ip' => tep_get_ip_address(), I tried it with a transaction of my own and it is indeed working for me. As I mentioned before, I am not planning on using the advanced fraud detection suite they offer, but rather will use the i.p. address from the attempts to try and stop them with a different method. :thumbsup: Please let me know if this works for you ! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.