The problem appears to be that Authorize.net seems to have changed something and it's compounded by some broken communication between Authorize.net and the merchant services provider.
It goes like this:
• The user tries to send a transaction that has some non-essential piece (ZIP, street address, etc.) of information wrong.
• The transaction goes through.
• Authorize.net/merchant services provider get confused and, instead of sending back an authorization number, send back an error.
• FloristWare correctly sees the "error" and lack of auth number as a fail and tells the user to try again.
Typically at that point the user adjusts something and tries again, with the card being charged again. As long as the essential information (card number and exp date_ stays the same the card is processed again. If the non-essential information is correct (or the user removes it) it will be the last time. If it is wrong again the process - and the charges - keep repeating.
The solution is to immediately turn off all AVS settings in Authorize.net and advise them of what is happening. This is absolutely not a FloristWare issue and Authorize.net is aware of this - in another instance, Authorize.net refunded all the extra charges and made apology phone calls.