I'm looking these instructions on how to send various API requests. So far, in the sandbox environment, I'm able to successfully generate tokenized payment profiles, authorize credit cards using the payment profile id, and charge credit cards. Everything seems to be working correctly. However, I'm wondering about the following scenario:
- A customer enters credit card information on our website, including card number and expiration date.
- The information is used to generate a payment profile. However, the customer made a mistake and entered the wrong expiration date.
- In order to correct the mistake, the customer edits the infomation they entered and updates the expiration date to be correct.
What should happen in this situation? Which (if any) of the following options are available?
- Send a request to the API to update (not generate) the payment profile, using the payment profile ID. Note that I will not be able to include the credit card number in the request, because it will not be accessible on my end at this point.
- Determine the expiration date through an API that can verify it with the payment processor to ensure the date is correct. (This correction would happen upon trying to generate the payment profile.)
- Only update the expiration date on my end, and include it in the request the next time the customer tries to make a purchase and I authorize the credit card. (In this case, I am specifically wondering whether the authorization request will actually update the expiration date stored in the payment profile on CyberSource's end.)
- If none of these are an option, can I just treat it as a "new" payment profile generation request and store the returned profile id on the card, discarding the previous one? Or will this generation request fail since a profile already exists for this card number? (I can determine this through testing, but it's not a high priority since I consider this option a last resort.)