CiviCRM Community Forums (archive)

Authorize.net offers an optional fraud detection suite.  The way it works is that some transactions are put on hold until a human being at the non-profit organization either approves or declines the transaction, using admin tools in their Authorize.net account.  (The rules for which transactions are put on hold have some defaults, and the non-profit can also customize the rules.)

What I have observed in CiviCRM  when a transaction falls into this "on hold" category:    The return code from Authorize.net  is "1: 252 Your order has been received. Thank you for your business! "  Unfortunately, CiviContribute treats this as a failed transaction, so there is no record of the contribution in CiviContribute.   Worse yet, if this happened when an end-user was signing up for a paid event or using a CiviContribute page, there is no record of the data that they provided in the profile.   But because the message includes the words "Thank you for your business" the end-user thinks everything is fine.

What I think should be done in this situation: CiviContribute should create a contribution record (and also capture whatever data was typed into the profile). The status of the contribution record should be "pending" or "in progress".    If the transaction is later approved (and therefore processed), then Authorize.net will send an update to the "silent post URL".  When the CiviCRM silent post URL is called, CiviCRM should update the existing contribution record's status to "completed"