Evolution of the Payment System

1 | published by Aleksey Bobkov on Tuesday, April 26, 2011

Yesterday we published the customer payment profiles feature. Payment profiles are an evolution of the LemonStand payment system, which enables you to store and reuse customer credit card information for subsequent orders. Credit card information is safely stored on by the payment gateway, not by LemonStand.

The option of storing customer credit card data is supported by many modern payment gateways. The common name for this option is "tokenization", but different payment gateways can use different names. For example, Braintree offers the Vault service and Authorize.Net has the Customer Information Manager API. The option to store credit card information can have a positive affect on customer loyalty, especially for stores which sell products with periodical nature (subscriptions, periodical issues, etc.).

Supported payment methods

We have implemented the payment profiles for Authorize.Net Advanced Integration Method (AIM) and Braintree Transparent Redirect payment modules. We chose these gateways to trial the technology and to make sure that it works with the most conventional payment gateway like Authorize.Net AIM and with an exotic API like the Transparent Redirect offered by Braintree.

We will be adding the payment profiles support to new and existing payment methods by request.

An interesting fact about card expiration dates

While developing this feature, we found that both Authorize.Net and Braintree gateways approve transactions created with expired payment cards. It was a confusing finding and we posted a support ticket to Braintree. In the response they explained:

Banks do not consistently reject transactions because of an expired card. Each bank develops it's own standards for rejecting transactions based on expiration dates, so we do not prevent expired cards from being processed, nor do we prevent them from being stored in the vault.

Also the response contained a link to an interesting blog post - Credit Cards Aren't Like Milk - They're Still Good After Expired.

What's next?

The further planned steps in the payment system development are:

Better Address Verification System (AVS) and Card Validation Number (CVN) reporting in LemonStand Administration Area. In the Payment Attempt popup window you will be able to check the AVS and CVN validation response values. Knowing the AVS and CVN response values is helpful for fraud detection.
Automated payments - the long-awaited feature for our Subscriptions module, which we are going to release soon after the Marketplace launch.