Salesforce Payments 101
- Transaction Types
- Authorization Techniques
- Address Verification System (AVS)
- Card Verification Number / Security Code
- Credit Card Number Formats
Payments can be a confusing topic. There are lots of details to consider when collecting credit card or ACH payments from your customers. Many different parties are involved, from billing systems, payment gateways, payment processors, issuing banks, acquiring banks, merchant accounts and more, with potential fees from multiple parties. Sometimes it seems that things in the world of payments are intentionally complex or unclear.
The following guide details some best practices and suggested techniques for payments in your Salesforce CRM system, and how they relate to your customers' experience, fees your company pays, and more. It is primarily focused on managing payments from Salesforce using the Chargent Payment Processing for Salesforce application, though much of the following applies to payments more generally.
For Salesforce and Chargent setup and configuration information, please refer to our documentation.
Chargent's buttons inside of Salesforce refer to the same transaction types you may already be familiar with from your virtual terminal or payment gateway web site interface. Here is how we define these terms in Chargent:
- Authorize - Authorization Only, used for checking if a credit card is valid or placing a hold on an amount for future capture.
- Charge - This Salesforce button performs an Authorization and Capture immediately, or Prior Authorization and Capture if an Authorization had been previously submitted. This button changes to Charge Authorized if you view a Chargent Transaction record in Salesforce.
- Refund - refunds a transaction that has been previously settled (between 1-120 days typically), also called a Credit on some payment gateways.
- Void - Cancels a transaction that has not yet been settled (most commonly a Charge from that same day) or an Authorization that has not yet expired.
For additional information, you may wish to refer to the documentation provided by your payment gateway.
Credit card authorization (also known as preauthorization, or authorisation for our friends in the UK and Commonwealth countries) is the process of determining whether a credit card is valid and has sufficient funds to accept a charge.
Authorizations can be performed as standalone transactions, or as the first part of a transaction to capture funds from the credit card. Chargent embeds both an Authorize button in Salesforce, as well as a Charge button, which performs both an Authorization and Capture in a single click of the Salesforce button.
Authorizations will disappear from a customer's account statement between 7 and 30 days, unless they are later captured, and do reduce available credit to the customer. For these reasons, capture of authorizations is generally recommended within 3 days.
To capture an outstanding Authorization in Salesforce, simply click the Charge button and the Type field on the Transaction will change from Authorization to Charge. You can also go to the Transaction record of the Authorization itself in Salesforce, and click the Charge Authorized button.
The best practice is to capture authorizations within 7 days, since they may have expired after that period. In addition, the shorter the time between the authorization and the capture, the more favorable the interchange rate charged by the issuer will be.
However, many payment gateways will allow authorizations to be captured through Chargent's Salesforce interface for up to 60 days, and some will allow captures of authorizations through their online portals for even longer periods.
Verifying a card
The validity of a new credit card can be checked by performing an authorization of a $0 or $1 amount. Note that this does not verify that the card holds sufficient funds to accept a future charge or a larger amount, but has the benefit of not placing a hold on your customer's funds and reducing their available credit.
- $0 authorization for Visa / MasterCard / Discover
- $1 authorization for American Express
For the $1 American Express authorizations, you can either Void them using the Void button in Salesforce, or simply wait for the authorisation to expire.
Placing a Hold on a Card
A typical credit card authorization hold earmarks part of the available balance on a card for your future capture, without actually pulling the funds at that point. Authorization holds for most credit cards expire after 7 days, although some can be shorter or longer.
For amounts over the $0 / $1 validation amounts, you should only authorize a credit card if you are intending to later capture the funds, since you are reducing the amount of credit available to your customer. In some cases your authorization could cause other transactions to be declined, or in the case of debit cards, could cause overdrafts for your customer, so use them carefully.
Visa, MasterCard, and American Express also have rules regarding acceptable authorization amounts for different types of transactions, so consult your merchant agreement for additional details.
Authorization holds on debit cards work in a similar manner to credit cards, reducing the available useable balance, although the actual balance in the customer's bank account is not changed until the authorization is captured and the funds transferred.
Capturing Authorization Holds
To later capture the funds you placed a hold on with an Authorization, you can either go to the Chargent Transaction record in Salesforce and click the Charge Authorized button, or use the Charge button on the Chargent Order, Opportunity, or Case record in Salesforce that contains an authorization transaction in its Transaction related list.
To release the funds back to your customer more quickly, such as a in situation where an order is canceled and you are not going to capture the funds, go to the Chargent Transaction record in Salesforce and click the Void button.
Note that Authorizations on debit cards typically expire in 1-8 business days, while Authorizations on credit cards can take up to 30 days to expire or "fall off", depending on the issuing bank of the credit card.
In addition, not all banks allow you as the merchant to void authorizations, so in some cases you could void an authorization but the hold would remain on your customer's account.
Partial Authorization Capture
Sometimes an amount less than the authorization needs to be captured, due to uncertainty regarding the final amount when the authorization was originally captured.
One example of this is restaurants, which typically authorize the amount of the bill plus 20%. Once the total amount of any tip is known, they will capture only that amount of the authorization.
For ecommerce businesses, the best practice is to use 3rd party tools to automatically calculate shipping costs and taxes (if any), and then to authorize for the correct full amount. When the goods are later shipped, you then capture the prior authorization.
To capture an amount less than what was authorized in Salesforce using Chargent:
- Go to the Transaction record of the Authorization in Salesforce
- Edit the Amount of the Transaction to be the amount you wish to capture
- Click Save
- Click the Charge Authorized button
The first time you perform a partial capture of an authorization in Salesforce, we recommend verifying that the correct amount was captured by logging into your payment gateway reporting interface.
To capture an amount more than your prior authorization, please contact your payment processor to see if it is possible and discuss options.
Authorizations are submitted in real-time when you click the Authorize or Charge button in Salesforce, but the capturing of funds does not happen just then. Typically charges are submitted in a batch once per day in what is known as Settlement.
Settlement batches can have any number of transactions greater than 0. There is no minimum for a batch, though there is typically cut-off time once daily when the batch is created.
Once Settlement happens a transaction can no longer be voided, and the process of getting money into your bank account has started. When the daily batch settlement occurs varies widely amongst the payment gateways, and often it is configurable.
Settlement batches can sometimes be initiated manually, but most payment gateways automatically settle transactions at a particular time. The following are some examples:
- Authorize.net: Settlement happens at the "Transaction Cut Off Time", which can be configured in the Authorize.net interface
- Chase: The auto settle time is chosen during the Chase Orbital application process. To change it, contact the production helpdesk.
- Cybersource: Can vary, though typically Midnight Pacific time. Settlement batch time can be changed by contacting support.
- Stripe: Midnight UTC (4pm PST / 5pm PDT)
Refunds allow you to provide a credit or refund to a transaction that has already settled. Typically you can refund transactions for somewhere between 60 and 180 days directly from Chargent within Salesforce. Beyond that period options include issuing refunds from your payment gateway web interface (not recommended since the refund won't be recorded in Salesforce) or unlinked credits (described below).
As with many things in payments there is tremendous variability between different providers, so check with your payment gateway / payment processor for details.
- Authorize.net: 120 days
- Cybersource: 60 days
- PayPal Payflow Pro: 60 days
- Stripe: No limit stated
- USAePay: 180 days
- Vantiv: No limit stated
- Stripe: Midnight UTC (4pm PST / 5pm PDT)
Refunds need to be tied to a prior settled transaction, and generally cannot exceed the amount of that previous transaction. If a Transaction has not yet settled, instead of refunding it you can simply void the transaction before the daily batch settles.
Many processors offer the capability of issuing a refund or credit which is not linked to a previous transaction. This effectively allows you to send a credit for an amount not tied to a previous amount charged, at any point in time that you wish.
This capability has different names at different payment gateways:
- Authorize.net: Unlinked Credits
- Stripe: Does not offer refunds not linked to charges
- USAePay: Open or Disconnected Credits
- Vantiv: Multiple options for refunding Vantiv or non-Vantiv processed charges
- Merchant e-Solutions
For security reasons, not all processors support this type of independent refund not tied to a previous settlement, and if they do you may have to request that it is enabled for your account. If your processor does not offer credits separate from existing transactions, and if you are beyond the refund cutoff time, you would need to find another method of refunding your customer (such as mailing a check).
Just like authorizations and charges, you can Void a refund the same day it is issued, before the daily batch settles.
Chargent offers a number of ways of issuing refunds through Salesforce. Simply click on the Transaction record in question, and then click the Refund or Partial Refund button. You can send multiple partial refunds related to a single transaction in Salesforce, but the total of all partial refunds may not exceed the amount of the original charge.
For credits, we have a Credit button and Credit Amount field available in the Platform edition of Chargent. These currently work with a few of our integrated payment gateways to send payments from Salesforce, so please contact us for additional details.
For full details on refunds, please see our documentation on refunds.
The Address Verification System (AVS) is a system used to prevent fraud and validate the ownership of a credit card, by checking the billing address of a credit card with the data on file at the credit card issuing company.
A wide variety of options are available in terms of how you use AVS, and how you would like transactions to be declined (or not) based on matches of the AVS data.
The Address Verification System checks the numeric portions of the Billing Address. As an example, if you enter 1234 Main Street, Anytown, CA 94107 in the Billing fields that Chargent Provides inside Salesforce (Billing Address, Billing City, Billing State, Billing Zip/Postcode), then AVS will check 1234 (the street number) and 94107 (the zipcode).
AVS is supported by Visa, Mastercard, and American Express through most card-issuing banks in the US, Canada, and the UK. Credit cards issued by banks in other countries may not support AVS and should return a response that it is not supported.
AVS Response Options
The card networks do not decline transactions based on a mismatch with the street address number or zipcode -- they simply return an AVS response, and you can configure filters in your payment gateway to decline or approve the transaction.
If you are in a business which does not experience credit card fraud generally, you may choose to approve transactions despite mismatches in some or all of the AVS data. For example, some B2B transactions have a low rate of fraud but a higher than normal rate of AVS mismatches, as the person using the card could be unaware of the correct billing address on a company card.
Note that regardless of the AVS Response flag, the credit card will have been authorized by the issuing bank. So your customer may have a temporary authorization hold on their card even if your payment gateway settings cause the transaction to be declined.
You may still be able to capture an authorization that received an AVS decline. Keep in mind that you should review those orders carefully, and that your bank may charge higher fees on transactions that did not pass AVS checks -- many banks and merchant processors use AVS as a way of avoiding non-qualified transaction surcharges. That can add about 1% to transactions, but may be worthwhile to your business if you have low fraud and a customer who you want to take a payment from without passing AVS checks.
When configuring your payment gateway filters, there are a number of response codes that AVS returns, and you can choose which ones to reject (decline) and which ones to accept (approve).
Log into the web interface of your payment gateway to configure which codes you want to enforce as filters, rejecting transactions that come back with those AVS codes. Here is a sampling of common codes:
- R = AVS was unavailable at the time the transaction was processed. Retry transaction
- G = The credit card issuing bank is of non-U.S. origin and does not support AVS
- N = Neither the street address nor the 5-digit ZIP code matches the address and ZIP code on file for the card
- A = The street address matches, but the 5-digit ZIP code does not
- Z = The first 5 digits of the ZIP code matches, but the street address does not match
- W = The 9-digit ZIP code matches, but the street address does not match
- Y = The street address and the first 5 digits of the ZIP code match
Require AVS Salesforce Field
The Chargent field Require AVS on the Gateway record in Salesforce is used to generate an error if it is checked and the Billing Address and Billing Zip/Postcode fields are blank.
In general, it is a best practice to always populate the Billing Address, City, State and Billing Zip/Postcode as they are often required by the payment gateway. Some gateways such as Cybersource also require Country and Billing Email be sent.
The CVN (Card Verification Number), also referred to as CVV2 (Card Verification Value 2), CVC2 (Card Validation Code 2), or CID (Card Identification Number) is a 3 digit code that appears on the back of credit cards, beside the signature area. For American Express cards, it is a 4 digit code on the front of the card.
Card verification numbers are used to reduce credit card fraud in card-not-present transactions (ecommerce or phone, where the physical card is not being swiped), in conjunction with the Address Verification System (AVS). Similar to AVS, card verification codes are optional for processing cards, and you can set filters in your payment gateway configuration for rejecting transactions based on the response codes.
There are a number of response codes, but some common ones are:
- M = Matched.
- N = Not matched.
- P = not processed by processor for unspecified reason.
Transactions with a valid card verification code will be processed as normal, but invalid codes will cause transactions to be rejected only if you have selected the appropriate settings in your gateway.
You can also choose to not use Card verification numbers at all, though it is generally recommended for security purposes, since it is designed to prove that the person giving you the credit card number in a card-not-present situation actually had physical possession of the card at the time.
Note that CVV2 / CVC2 values should never be stored in your Salesforce account for PCI Compliance reasons, so typically they should only be used the first time a card is authorized or charged.
Require Card Security Code
Chargent field on the Salesforce gateway record. If checked, Chargent will require a value be entered in the Card Security Code popup window. If the Card Security Code is left blank and this field is checked, an error will be generated.
Credit Card numbers have common formats that will tell you the type of card and other information. The first few digits tell you whether it is a Visa, Mastercard, American Express, or Discover Card. The first 6 digits identify the bank that issued the card, and the last digit is a check-digit, used to detect errors. The remaining digits (usually 9) are the cardholder's account number.
Card Number Prefix/Range
Card Validation Number Length
|American Express||34 and 37||15 digits||4 digits|