Skip to main content

1.4K Messages

 • 

262.9K Points

Sun, Dec 15, 2013 10:27 PM

Closed

Once an order has been authorized can I change the order total?

Once a card has been successfully authorized, you can only capture the amount that was authorized. 
 
An authorization is a transaction between your store, the payment gateway, and the customer's credit card to confirm that the credit card has a balance that can afford the charge. You can cancel the order and then start a new order, but you cannot edit the order and then capture a new amount, even if the customer specifically requested it. 
 
BigCommerce is in compliance with the PCI standards that are put in place by the Payment Card Industry Data Security Standard. 
 
The Payment Card Industry Data Security Standard is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The standard was created to help organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations which hold, process, or pass cardholder information from any card branded with the logo of one of the card brands.
Once a card has been successfully authorized, you can only capture the amount that was authorized within BigCommerce. 
 
An authorization is a transaction between your store, the payment gateway, and the customer's credit card to confirm that the credit card has a balance that can afford the charge. You can cancel the order and then start a new order, but you cannot edit the order and then capture a new amount, even if the customer specifically requested it. The only way to authorize a charge other than the one recorded by BigCommerce is to go directly to your payment gateway and authorize the charge there.
 
BigCommerce is in compliance with the PCI standards that are put in place by the Payment Card Industry Data Security Standard:

3.2 Do not store sensitive authentication data after authorization (even if encrypted).
Sensitive authentication data includes the data as cited in the following:
3.2.1 Do not store the full contents of any track (from the magnetic stripe located on the back of a card, equivalent data contained on a chip, or elsewhere). This data is alternatively called full track, track, track 1, track 2, and magnetic-stripe data.
3.2.2 Do not store the card verification code or value (three-digit or four-digit number printed on the front or back of a payment card) used to verify card-not-present transactions.
3.2.3 Do not store the personal identification number (PIN) or the encrypted PIN block.
 
The Payment Card Industry Data Security Standard is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The standard was created to help organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations which hold, process, or pass cardholder information from any card branded with the logo of one of the card brands.

This conversation is no longer open for comments or replies and is no longer visible to community members.

Responses

No Responses!