rick,
just to be clear on a few things:
- i have made the code changes for the problems that you found while implementing this module. I hope the code changes are for the general good of the world, not just me
- it is strictly your choice as to whether you want to send the CVV with every transaction. as indicated by your post above, it is totally configurable on the authorize merchant dashboard. if you think you are more secure by requiring it for every transaction, and changing your setting in the dashboard, that is certainly available and we can make that happen. That 'click' setting within Auth.net is most likely a choice blindly made 10 years ago from a suggestion of our original processor. And like many choices made during initial setup, tend to get forgotten over the years until the choice has negative consequences. Thus triggering a widescale hunt.
- doing so would require your customer to re-input the CVV on every stored credit card transaction. which i think is a little burdensome on the customer. this is just my opinion. Agree
- my next version will have all of these corrections in the code. i will hopefully get it up there soon, but i can direct you to the code if you want it sooner. Not necessary & I am not losing sleep over this issue.
- my opinion is that requiring the CVV for the new credit card, not requiring it for the stored credit card, and setting the authorize dashboard so that it is not required is the best balance for security and convenience. that is how you are (were) currently configured. I have unchecked that box within the auth.net account
- currently, if you want authorize to send or not send the customer an email receipt, that has to be done on the authorize dashboard. we currently can not override that setting within this module. Not sure where this comment came from. We don't have auth.net send any customer receipt. Admin receipts yes, especially when fraud detection filters are triggered.
if i can answer any further questions or help in any way, please let me know.
best.