While investigating another issue I notice that in the before_process function of includes/modules/payment/authorizenet.php in about line 260 we explode $response[0]. The thing is, $response is itself parsed earlier from $authorize which is derived from cURL in includes/modules/authorize_direct.php. $response[0] simply contains the numeric response code form authorize.net - hopefully "1". This leaves the other 3 variables empty and it does not appear that we do anything with them. Have i misinterpreted what is going on?