Authorize.net integration: Payments not going through

  • Profile Image
    dcote
    Asked on March 05, 2018 at 11:30 AM

    We are getting the following error:

    PCI :: Error during transaction

    This transaction cannot be accessed at this time. 

    ------------

    This is happening on multiple forms that have authorize.net payment integration.

  • Profile Image
    aubreybourke
    Answered on March 05, 2018 at 01:06 PM

    Yes I could reproduce the error:

    1520272389oue64.png

    So I have escalated this issue to Level 2 support. They will look into the problem and post a response here when they are ready.

  • Profile Image
    dcote
    Answered on March 05, 2018 at 04:43 PM
    New response received
    We have found out that there was a phishing attempt through our Jotforms
    that caused our Authorize.net account to get suspended. It appears that a
    bot that attempted over 1,000 times to charge credit cards through our
    Jotforms. None of the submissions where successful. We have since put a cap
    of 75 transactions per day to hopefully mitigate the issue in the future.
    Since the transactions were failing, I guess there is no way to capture the
    IP Address of the hacker. Does Jotform have a way to look for IP addresses
    ...
  • Profile Image
    aubreybourke
    Answered on March 05, 2018 at 04:55 PM

    Does JotForm have a way to look for IP addresses?

    Yes we do:

    1) You can view the IP address of each submission. Just click on the submission filter (small gear icon) and check the IP field.

    How-to-View-Form-Submissions


    2) It also possible to get more detailed submission information in JotForm analytics:

    https://www.jotform.com/form-analytics/


  • Profile Image
    aubreybourke
    Answered on March 05, 2018 at 05:01 PM

    Note that you can use a captcha to prevent bots submitting your form:

    How-to-Add-a-Captcha-Field

    You should use Google re-CAPTCHA as captcha version one is deprecated.


    And if you want even stronger protection you can use the email validator widget:

    https://widgets.jotform.com/widget/e-mail_validator

    It requires you users to register their email before submitting. They are sent a code. And can only submit your form using the code. This prevents bots from submitting your form.

  • Profile Image
    olivia
    Answered on March 09, 2018 at 08:28 AM

     Hello dcote,

    #1- PCI :: error during transaction

    I have cloned your form into my side and try to replicate your issue.

    I have used my AuthNet SandBox credentials and I could submit the form successfully. I didn't receive any error messages.

    Could you please check your Authorize.Net credentials (API Login ID and Transaction Key)? Please try again and if you replicate the issue again, please inform us.   

     

    #2- Phishing attempt

    According to my understanding, your Authorize.Net account was suspended because of the phishing issue on your form. Therefore, other submitters (real submitters) received error messages because of that. 

    Could you please share more details about the hacker such as email address, name, IP address etc of the hacker?

    I'll be awaiting for your reply.

    Thank you.

  • Profile Image
    dcote
    Answered on March 09, 2018 at 09:43 AM
    New response received
    We did find out it was a phishing attempt and to some measures with
    authorize.net to cap the amount of transactions that can happen hourly.
    They had suspended our account because there were over 1,000 attempts to
    submit credit cards on our forms last weekend…luckily non of them
    processed.
    But because none of them processed, there are no Jotform submissions and
    therefore I can’t see any ip addresses. And authorize.net doesn’t track the
    ip addresses…they just collect payments.
    Authorize.net unsuspended our account once we put in some limits to the
    transactions we can allow daily.
    *Dan Cote*
    *PROTech Web Designer | PRO Webmaster*
    *Pinellas REALTOR® Organization4590 Ulmerton Road | Clearwater, FL 33762P:
    727.216.3033 | dcote@tampabayrealtor.com *
    *www.PinellasRealtor.org* * | **Find us on
    Facebook*
    ...
  • Profile Image
    olivia
    Answered on March 13, 2018 at 02:29 AM

    Hello again,

    If there is no issue on your form, I will cancel the ticket. Please confirm me about your Authorize.Net issue. Please try to test your form if it is possible.

    I'll be awaiting for your reply.

    Thank you.


  • Profile Image
    omur
    Answered on March 13, 2018 at 02:37 AM

    Hello dcote,

    First of all thank you very much for your time to write us. 

    My name is Ömür and I'm the head of payment integrations team at JotForm.

    I've gone through the logs of your form and did not encounter any suspicious activity. Are you using Authorize.net in conjunction with another system as well? That might be the reason of the problem.

    If you can contact Authorize.net and make them disclose the IP address of the offender, we can ban it on the JotForm network as well. Just to be sure.

    I'm looking forward to your answer.

    Thank you very much

  • Profile Image
    dcote
    Answered on March 13, 2018 at 09:43 AM
    New response received
    Authorize.net was not able to give us an IP address of who was doing the
    phishing attempt. It seems like there hasn’t been any further attempts. And
    we don’t know which of our forms was being attacked. So I don’t think there
    is much more we can do.
    *Dan Cote*
    *PROTech Web Designer | PRO Webmaster*
    *Pinellas REALTOR® Organization4590 Ulmerton Road | Clearwater, FL 33762P:
    727.216.3033 | dcote@tampabayrealtor.com *
    *www.PinellasRealtor.org* * | **Find us on
    Facebook*
    ...
  • Profile Image
    omur
    Answered on March 14, 2018 at 01:46 AM

    Hello Dan,

    Thank you very much for the answer. If there are any new details, I'll be happy to help you further.

    Thank you