Not sure if this is the best place.

I've been processing credit cards for 3 years now. I started out with full price authorizations, converting to sales. That leads to the inevitable calls and complaints that I "double charged" people or tied up their debit card balance if they kept retrying over and over, creating more auths on their account.

So I noticed that Visa was charging a small penalty for "abuse of auth system", looked into that, and saw that Visa has actually required $0.00 auths for AVS checks for a while now, and penalizes you if you make auths that never batch.

So I reprogrammed my cart, and went through a laborious process with my credit card processing company (their default network rejected $0 auths!) so that now my cart does a $0.00 authOnly transaction, and then if that succeeds, it does a full price "sale" transaction.

This has been working pretty well, but it seems that some banks don't know how to handle it. The other day Chase sent a fraud alert to one of my customers because of the $0 auth followed by a sales transaction apparently looks like fraud to them.

Another issue is that if the $0 auth succeeds, but the sale transaction fails (AVS correct but their card is near the limit, or something like that), then if they resolve the issue and retry, they get "duplicate <zero auth approval code>" as a rejection code.

I'm pretty sure I'm going to be penalized if I convert a $0 auth directly, that is, batch a transaction amount against the approval code returned for the $0 auth, but at the same time, it seems like they want me to reuse that auth's approval code with the duplicate rejections.

If anyone has any insight on the "right" way to do this, I'd appreciate it.