Last Tuesday (and for a little while on Wednesday), Authorize.net’s payment gateway was down.
Authorize.net is one of the top ways that eCommerce stores take payments, so it meant a lot of lost sales yesterday for companies all around the Internet.
It’s very rare that they have an outage… but I wanted to send out a quick tip if it happens again and you want to save sales. (But there are risks).
Magento’s Saved Credit Card Option
So, let me first start off with the fact that this is not a PCI-compliant solution. It’s not ideal. I’d say that this is for emergencies only. And it might even be too risky for your company.
But if a payment gateway goes down completely, and you’re not able to take orders, my recommendation is to do a temporary bypass and turn on the Saved Credit Card Option.
Then, you can use a virtual terminal or other means to manually run the credit card for each order later.
Normally, the saved credit card option is something we use just for testing. It’s not as secure as using a payment gateway. It most likely goes against your merchant agreement that you signed.
But if a payment gateway like Authorize.net is down, my recommendation is to turn this on, save the credit card numbers on the site, and then run them when you are able.
You’ll want to then later remove them from the server, so that you can mitigate any risk of storing credit cards.
A couple of things to keep in mind:
- Is it worth the risk? You’ll need to weigh the risk of storing (temporarily) credit card information for an hour or so against the amount of lost sales. For some companies, this is a perfectly acceptable risk. For others, it’s not a line you want to cross.
- Make sure your shipping department knows that you have to manually run these credit cards in a virtual terminal before they ship anything. Magento will validate that a credit card is in the right format, but not that the card has any funds available to it.
- Credit card numbers are stored in the Magento database in an encrypted format. So if someone gets a backup of the Magento database, the data is encrypted. That said, if they know what they’re doing, a talented programmer will be able to decrypt the information.
- Unless you make some core file changes, Magento will not store the CVV2 code (the three digit code on the back of a MasterCard or Visa; on an Amex it’s four digits and on the front). Make sure you do not need the CVV2 to run credit cards in an offline mode (i.e. in a virtual terminal).
- You will need to have a programmer or someone comfortable with the database remove the credit card information from the system; this is not something you can do from the Magento admin panel.
How to Activate the Saved Credit Card Option in Magento:
So, if you’ve decided that the risk is acceptable, and you want to bypass your payment gateway. Here’s how to make it work.
In your Magento admin area, go to:
System –> Configuration –> Sales –> Payment Methods
You’ll see something like this (you may have fewer or more options, depending on your Magento version):
From here, click on the "Saved CC" option, and click "Yes" to enable the payment method.
At this point, I’d disable the other payment option until it’s back up and running.
I would recommend changing the title from "Credit Card (saved)" – this is the default value:
In this case, I changed it to read, "Pay by Credit Card":
I’m doing this for two reasons. First, it’s better to change it to something that will worry end users less. Most customers would worry if you are saving their credit card information. Plus, you’re not actually saving it for them to use for later purchases.
Second, it’s helpful to know which payment option you are seeing on the front end of the site, too. And if they are both called "Credit Card" it may be confusing.
There are a few other options for you to select on Magento’s Saved Credit Card option:
I’d recommend against the Card Security Code and the 3D Secure Card Validation, as you need to make core changes to Magento for it to be able to actually save the CVV2 code.
You can also set this payment method to only be available in selected countries (or all countries).
And you can set a Minimum Order Total and a Maximum Order Total if you’d like – you can leave these blank if you don’t want to set this.
Finally, the sort order tells Magento how high up to show this payment option. I’d set it as 0 or 1 to make sure it shows up on the top.
On the front end of the Website, when an end user goes through the shopping cart system, this is how the payment options will be displayed:
(Note: this is a stock installation of Magento Enterprise 126.96.36.199, but is pretty similar for other recent versions.)
When an end user selects the "Credit Card (saved)" option, they can put in their credit card info into the form:
Please note that the system will actually try to make sure that the credit card number is a valid card number. There’s a specific mathematical formula that determines the types of numbers that a card can be. For example, my 411111111111111111 credit card isn’t valid.
But note that if you put in a valid credit card number, the saved option doesn’t go to a payment gateway to see if funds are available for that card. It’s just saving it for you to run later. And if someone has a tyoooo in their number, you won’t know that until you try to run it.
To view the decrypted credit card information for an order, go to that order in the Magento admin area; it will be displayed when you open and process the order.
Summary: Bypass Payment Gateway
It’s always good to have options that keep sales coming in, even if your payment gateway is down.
This should be used as an emergency option, but one that can save sales temporarily.
Until next time…
Founder, Customer Paradigm
Via Facebook >>
Via Google+ >>
Via Linked In >>
Via Twitter >>
love referrals! Our
Referral Promise >>