This is in response to Kai's post.

I have encountered this situation with a few clients. More specifically, in cases where an ARB subscription grants access to premium parts of a website, it is not completely validated until sometime later when Authorize.net's servers run their batch jobs to process ARB transactions. If the user enters invalid information, whether maliciously or accidentally, they still gain access to the premium parts of the site. Furthermore, Authorize.net does not notify you in any clear way (that I have seen) that the transaction failed. It probably is included with the end-of-day reports you get, but you would have to explicitly look at every one each day for the failure then go in and manually revoke that user's rights, which is both time consuming and terrible for customer relations.

The solution I have come up with is to submit the first payment as a normal payment transaction through the AIM API so you get an immediate response on the validity of the billing information. Then, if it goes through okay, set up your ARB subscription to start at the next billing cycle, rather than immediately. If the AIM transaction fails, you can inform the user immediately and therefore never give them access in the first place, or perform whatever notification and/or processing your system needs to do.

I hope this helps.

David Parker
President
IT DevWorks, LLC
http://www.itdevworks.com