This is 37signal's beautifully simple credit card capture form for Highrise.<p>http://img.ly/2u8H<p>I'd like to know how feasible it is to create a form with so few fields. Presumably there are some fraud checks being skipped? Is this something that many payment gateways will allow? Does anybody know of any hacks to remove extra/unnecessary fields from card capture forms?
CVV isn't required and cannot be retained by anyone doing recurring billing. It is nice to have it as an additional fraud check for the first transaction. My discount rate doesn't change for CVV or non-CVV transactions. CVV is optional, but, if sent is verified. If it is incorrect, the transaction is declined.<p>For AVS verification, only the zip code is needed. I do get an additional discount on my merchant account if I send the numeric part of the street address, but, designing a form to ask for the street number but not the suite/apartment number for an extra half percent may drop the conversion ratio of the form. At best, you could get some people to enter the numeric portion, at worst, you probably require the two address lines for the billing address on the card.<p>The gateway I use allows me to specify the fields as optional, hidden or visible for every field, billing/shipping address, notes, etc. We can also submit a form to our gateway that can be used. However, we maintain a secure certificate and use our own forms to send the data and get back a recurring billing token from the gateway. That allows us to maintain a bit more control over the sales process.
Besides the CVV they are capturing everything you need. Most gateways will allow you to process without requiring the CVV (I know authorize.net will at least). If you start having a high rate of fraud they might force you start collecting it, but it is not a requirement out right I don't believe.
Please, please, please support card numbers with punctuation and spaces. I can't count the number of times I've been irritated that I can't use spaces or dashes or anything to punctuate the number and make it easier for me to check over. It's a single function call on your end.
As already mentioned, CVV isn't required. I believe that it's helpful in the event of a dispute, in that it's better to have than not have.<p>Another way to make it easier for the user is to auto-type the card. This table illustrates which card types match which patterns (e.g., cards starting with 4 are visas. If the user types in a 4, you can auto-select the card type, and save the user a step):
<a href="http://www.merriampark.com/anatomycc.htm" rel="nofollow">http://www.merriampark.com/anatomycc.htm</a><p>Aside from that, if you already have the user's information in a database (regular info, not credit) -- you can prepopulate some of the fields (first name, last name, zip), and just give them a button for 'not me'.