Credit Card Auths only last for 30 days

[ElSlozzo]

Hi. I checked the first 10 pages or so of this forum but couldn't find anything too similar to my problem. My client is a leather manufacturer and when someone orders a product their CC is auth'd and the product is manufactured. Sometimes it can take 10 weeks to finish the product and send it to the customer - we capture the funds upon shipment.

According to what my client was told by mastercard, any pre-authorization on a card, can only exist for a maximum of 30 days. So we have customers whose pre-auth's have expired and we have to call them up and go over their CC details again, which nobody seems to appreciate (funny, hmm)

Am I the only person who has had this problem? If not, what was done to capture the funds after the 30-day CC pre-authorization expiration?

I could capture at time of transaction but then ppl are paying for something they may not receive for 10 weeks.

The customer would like me to hack Zen so the CC #'s show up in admin and they can charge them after the fact. If I do that it will be with a signed waiver releasing me from any actions associated with such procedures. Anyway, thot I'd ask! Your input is welcome!

[Kim]

I would suggest doing some reading on PCI compliance and storage of CC #s.

[ElSlozzo]

Thanks for your suggestion Kim. Assumingly and perhaps naively, I understood the out-of-box payment modules in Zen-Cart to conform to said compliance measures. I would like to know if, using these out-of-box payment modules, Zen-Cart users have ever had a problem when they auth the card and aren't able to produce/ship/bill the customer within the 30 day pre-authorization time set out by Visa and MC. What did they do? Manual/Offline processing with the CC# split up in the email? Not use Zen-Cart?

I came accross an approach today on a forum where manual processing was used for only certain products. This approach may work. Just curious what others have done.

[DrByte]

It's actually common for pre-auths to only be valid for 3-5 days, depending on the gateway provider and the nature of your business. You *can* negotiate with your gateway provider for longer authorization holds, to a degree. However, the card-issuer is the final determiner.

That said, if the options they offer don't suit your business needs, you'll need to use an alternate method. In Zen Cart v1.3.x, there's a built-in "Offline" credit card module which may suit your needs. As Kim mentioned, you'll need to do your own due diligence to ensure your gateway service provider will be satisfied by the approach you take to ensure you're not violating any TOS or PCI requirements.

[ElSlozzo]

Thanks for your reply. These pre-auths are 30 days (Section 3, under Prior Authorization and Capture) and the client still needs time to produce the product.

So what about this, if there was a way to sort the orders page by transaction status it would be easy to find the transactions that still need to be captured, along with their dates and even another column indicating number of days left out of 30; instead of paging through them all looking.

Even if, I could setup a cron run of sorts to email us the orders coming due X days before the end of the 30 days.

What do you think is easier, cron-style single php file that can do the counting/reporting of customers coming due and email them to me(my client)? Then we can get an idea of the final price and can go in and capture before the 30 days is up.
Or adding sorting to the orders page? (maybe this would be easy?)

And, how would I go about either?? Or rather, to begin what would be some good stuff to know?

Thanks very much. I look forward to any replies.

[DrByte]

You can already sort by order-status ... On the admin home page, you'll see all the order status choices in the lower left corner. Click on one, and it'll show you all orders with that status, sorted by date in reverse order.