Linkpoint approving cards with bogus expiry dates?
I'm installing a shopping cart for a client and we're using the Linkpoint API from Card Service. I wanted to do some testing with entering bad transactions. So I took one of my CCs and used it to place a couple of orders.
The first one involved using a bad Expiration date, it was in the future, but not the correct one. The transaction was approved.
So I tried it using the correct expiration date but a wrong CVV2 code. Again, the trasaction as approved.
Is this normal or do I need to adjust a setting somewhere in the Linkpoint Central portal to prevent this?
In actuality, this is probably not a Linkpoint-specific issue - as long as the expiration was possible. If the expiration was prior to the current month, it should really be blocked on the gateway level without submitting it but I am not sure how that is handled with Linkpoint.
Under normal circumstances, however, whether a transaction is approved or declined is actually handled by the issuing bank for that credit card. When a payment gateway - whether it be Linkpoint or Authorize.Net or any other - sends through a transaction request, it is routed through the Visa or MasterCard network.
The network queries the issuing bank and the approval or declined comes from the issuing bank. If the issuing bank does not respond within the allowed transaction response timeframes, "stand-in" backup processing can be used to facilitate a response from Visa/MC regardless.
Not all issuing banks verify on the expiration date and so it is definitely possible to get an approved transaction even with the wrong expiration date.
CDGcommerce.com - Trusted Merchant Account Solutions since 1998
Many thousands of successful, growing businesses benefit from our expertise every day. You can, too!
We help merchants to eliminate gateway costs, reduce & mitigate fraud and achieve streamlined PCI compliance. Learn more today at http://www.cdgcommerce.com - we look forward to helping your business grow!
With LinkPoint, it is up to you, the store owner to make the final determination on whether or not to accept the credit card. There is a string that will come back from the gateway - something like YNAM
AVS compares the numeric portion of the street address and the zip code against the information on file with the card-issuing bank. If the street address number matches, the 3-digit AVS code will begin with a Y. If it doesn't, the AVS code will begin with an N. If the zip code matches, the second digit will be a Y; if not, it will be an N. If there is insufficient information to do a comparison, an X will appear in the first and/or second digit. An N indicates a higher probability of fraud.