Configuring Network Merchants (NMI)
- Introduction
- Dedicated User Account
- Customer Vault
- Address Verification Service (AVS)
- Card ID Verification (CVV or CVV2)
- Duplicate Transaction Checks
- iSpyFraud™
- Setup Your Cheddar Account
1. Introduction
The Network Merchants (NMI) gateway service is a fully supported gateway for use with the Cheddar service. All features of Cheddar are supported by NMI's feature set.
2. Dedicated User Account
It is highly recommended to create a dedicated user account just for Cheddar. At a minimum, the user account must have permission to access the full API and the Customer Vault. Go to Options>Settings>User Accounts to setup a new user.
3. Customer Vault
The Customer Vault service is required for use with Cheddar. This is the mechanism used for credit card storage so that we can charge your customers on a recurring basis.
Contact your gateway provider to enable Customer Vault.
4. Address Verification Service (AVS)
By default, AVS is off in NMI. You may choose to turn on AVS checking and reject transactions for a variety of reasons. Here's a look at the settings available:
4.1 Accepting International Credit Cards
If you'd like to accept international customers (credit cards issued by non-US banks) you must at least uncheck "G" (also optionally uncheck "U" and "S"). If you accept non-US cards, the card holder will not have a zip code. In that case, just send Cheddar the non-US postal code. We'll send it to the gateway for verification but since "G" is unchecked, the card will not be declined for an AVS mismatch.
You can setup your AVS differently for US cards vs non-US cards. To do that, you'll need to pass the ISO standard 2-character country code when creating/updating a customer's payment method in Cheddar.
4.2 Accepting Gift Cards
Occasionally, a credit card either doesn't have a billing address associated with it or the US based card issuing bank doesn't support AVS. These cards are usually "gift cards". To accept such cards and other non-standard cards, uncheck "U" and "S".
5. Card ID Verification (CVV or CVV2)
By default, the NMI gateway does not reject (decline) transactions due to a CVV mismatch. You may choose to turn on CVV rejection based on various criteria. At a minimum, you probably want to check the "N" option.
Similar to AVS, you may choose different CVV settings for US issued cards and non-US issued cards. Again, for this to work, you must include the ISD standard country code when providing the billing address to Cheddar.
5.1 CVV and Recurring Billing
CVV is fundamentally incompatible with recurring billing. Don't worry, an explanation follows... The PCI DSS simply forbids storing the CVV in any way, at any level. Since the credit card information for your subscribers must be stored in order to be reused for future transactions, the CVV will not be sent with those future transactions.
You can, however, benefit by CVV validation by sending the CVV to Cheddar (or collecting it via the Hosted Pages). Cheddar will send the CVV to the native gateway for validation as long as a validation transaction is configured (see "Setup Your Cheddar Account" below) or if the payment method update inherently results in an underlying transaction.
5.2 Requiring CVV
If you'd like to require CVV, there's two ways to go about it. In Cheddar, you can check the "Require credit card verification code" box on the settings page. Alternatively, your provider can configure your processing account to require the CVV only on the first transaction. In the latter setup, the gateway will enforce the CVV requirement rather than Cheddar.
6. Duplicate Transaction Checks
By default, NMI rejects duplicate transactions with a 1200 second window. That means that any transaction executed with the same amount and card number inside of the same 20 minute window as an earlier transaction will be rejected. That can be problematic for recurring billing situations since you could legitimately have the same credit card used to pay for the more than one subscription. To work around this issue, ask your provider to enable the "Include Order ID when performing Duplicate Transaction check" option in the "Advanced Merchant Features" of the merchant setup.
7. iSpyFraud™
When iSpyFraud™ is enabled and a transaction is denied by the fraud checks, the Cheddar API will return the 422 response code and 6006 auxCode with a message of "The transaction was declined - contact support".
8. Setup Your Cheddar Account
Login to Cheddar, navigate to Quick Start->Go Live and complete the form with your NMI credentials.
8.1 Validation Settings
It is highly recommended to enable the credit card validation feature for both new subscription and card changes. Using validation means that the credit card will be validated with a real authorization, a real-world end to end test of the credit card. This is the best was to ensure that the credit card is legitimate and in good standing. Failing to enable this feature makes it possible for a customer to inadvertently enter invalid credit card details resulting in a failure of their next payment later on. Validation provides for the ability for you to give feedback to the customer in the event that the details they've entered are incorrect.
A validation authorization is required to take advantage of fraud checks, AVS checks, or CVV checks.
If your processing platform supports it, we will use a 0.00 "validate" transaction for validation instead of the traditional small auth/void.
8.2 Descriptor Display
You may optionally set a value for the Descriptor Display to match the descriptor set by your merchant account acquirer. This value is used on Cheddar's Hosted Pages to indicate to the customer what they should expect to see on their bank statement. It's best to make sure the descriptor is recognizable to your customers to lower the risk of your customers mistaking a charge on their card as fraudulent.
8.3 Processor ID
Setting the Processor ID is an optional, advanced feature that may be required if you have multiple processors setup in your NMI account.