[olug] [OT] PCI authorize without actual posting

Dave Weis djweis at internetsolver.com
Sun Apr 5 12:08:57 UTC 2009 

Take a look at this page for the sequencing
http://philip.greenspun.com/panda/ecommerce

Search for An Extra Layer of Transactions to get to the useful parts. 
It's a chapter of an online book about various web publishing things. 
Some of the technology is a bit dated but it's definitely worth reading. 
I've got the dead tree version.

Rob Townley wrote:
> PCI for this convo isn't Peripheral Component Interconnect, but
> Payment Card Industry.  There should be a few pros on the list
> considering this is Omaha.
> 
> There are authorizations to withdraw money and a few days later, the
> actual withdrawal - termed a post.  Pay a bill online Friday morning
> and it shows up Friday morning via your banks website immediately.
> Saturday, the transaction disappears from your online account.  Monday
> you wonder if you actually paid the bill.  Tuesday, it appears again
> and the money is actually withdrawn.
> 
> Have any of you had low level experience with a merchant processing
> system platform?  gnucash may be an example, maybe.   My banker said
> that sometimes the authorization goes through, but the merchant system
> does not go back and do a successful post to actually take the money
> out.  I find that a little hard to believe - i mean there are bugs and
> then there is giving money away.  Capitalism makes that bug
> impossible.  The battery backup could die, but the transaction
> processing would fix it later, boss.
> 
> Consider some frat boys renting a hotel room.  The hotel may require a
> credit card and request authorization to withdraw for a hefty room
> deposit.  This creates some kind of authorization number that usually
> goes unused.  The frat boys check out Sunday morning calmly thinking
> management won't notice the hole in the wall and the missing faucet.
> Sunday afternoon, the cleaning lady reports the damage.  Management
> cashes in that deposit authorization number, effectively converting it
> to a sale.
> 
> I can see that authorizations and capturing a previous authorization
> would be two different steps, but nobody ever forgets that second
> step, right?  No website is that dumb, right?
> 
> For more info, do a search for tran_type on the following page.
> http://secure.netbilling.com/public/docs/merchant/public/directmode/directmode3protocol.html
> 
> i have been up far too many hours ... sorry for the rambling.
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug


-- 
Dave Weis
Internet Solver
Your Technology Partner
515-224-9229
www.internetsolver.com

More information about the OLUG mailing list