Jump to content
  • 0

Cc Declined With Braintree Payment Gateway, Ccv Missing Cited As Reason

jasontyde

Asked by jasontyde,

 Share

Question

jasontyde Newbie

jasontyde

Posted
Posted

Hi Community,

 

I am testing out Blesta under the free trial program and am having trouble with paying a first invoice.

 

I have setup Braintree as my one-and-only Payment Gateway and a Payment Account under one of my personal client accounts, including the Security Code (i.e. CCV).

 

However when I attempt to pay the invoice within the Blesta admin account *or* after logging in to the my client account through the Client Portal I get a declined error. The cited reason is that the CCV is required.

 

When I check the Gateway logs I see that the CCV string is indeed empty while the number and expirationDate strings are both a series of 'x' characters for each of these declined transactions.

 

I suspect that Blesta, when attempting to communicate with Braintree, is not including the CCV in its message.

 

Furthermore, the Payment Account is not showing the CCV in the UI form field, not even as an "xxx".

 

Note that I have verified my Braintree configuration and I have successfully conducted transactions through that gateway in the past.

 

Can anyone help?

 

Thanks, Jason

Link to comment
Share on other sites

11 answers to this question

Recommended Posts

  • 0
Paul Community Regular

Paul

Posted
Posted

It's great that you're prioritizing supporting Braintree's Vault and I look forward to when the Braintree plugin is updated with this capability.

 

My experience just now in testing was a little different that what I think should have happened after reading your words Paul. Specifically, I logged in to the Client Portal as the client I'm testing with. After deleting the one-and-only Payment Account for that client I initiated payment on the invoice, indicating that I wish to store my credit card details for future use (i.e. create a Payment Account). Based on your words I would expect this transaction to go through even with Braintree's 'CVV not provided' rule enabled as I am "submitting payment at the same time". However, that wasn't the case and I had to disable the 'CVV not provided' rule in Braintree to get the transaction to go through.

 

Am I misunderstanding your words Paul that indicate to me that simultaneously creating a Payment Account and submitting payment will send CVV info to Braintree?

 

As far as I understand it, the payment details should be sent directly to Braintree, including CVV if you are entering those details when making payment and not using a previously stored payment account. That's how I would expect it to work, but maybe what is actually happening is a little different. This is something we'll need Cody or Tyson to look into.

Link to comment
Share on other sites
  • 0
Paul Community Regular

Paul

Posted
Posted

CVV data is only passed along if making a payment by entering new card details. If you save a Payment Account and subsequently use it, the CVV is not sent because it is not stored. It's not stored because it is against merchant rules to do so and would result in non-PCI compliance, and termination of your merchant account.

 

In order to process recurring payments in Blesta with Braintree, you should disable the CVV requirement with them.

Link to comment
Share on other sites
  • 0
jasontyde Newbie

jasontyde

Posted
  • Author
Posted

That's good information Paul, thank you.

 

Investigating this further on my end reveals the following in the Braintree UI:

 

 

 

Edit CVV Rules
CVV numbers are not stored in the gateway, in accordance with PCI DSS. Rules configured here only apply to first time transactions, not to recurring or subsequent payments on a stored credit card. Reject Transactions If:
 CVV does not match (when provided) (N)
For Any Transaction
For Specific Transactions
 
 CVV not provided (I)
For Any Transaction
For Specific Transactions
 
 CVV is not verified (when provided) (U)
For Any Transaction
For Specific Transactions
 
 Issuer does not participate (when provided) (S)

 

Braintree has extensive and free anti-fraud tools that I'd like to leverage prior to storing a card in the Braintree Vault, and I note that Blesta supports MaxMind's minFraud and FraudLabs Pro as part of the Order System plugin I've installed and plan to use for selling new services.

 

From Paul's words it appears that when a client creates a new Payment Account to pay for a recurring subscription that the CVV will be sent to Braintree. Furthermore, I believe that my actions to manually create an invoice and Payment Account may prevent the CVV from being sent for paying that invoice I've been testing with.

 

Can I use Braintree's built-in CVV Rules to test a credit card prior to storing it in Braintree's Vault or do I have to use Blesta's built in third-party anti-fraud tools?

 

Thanks in advance for any and all help from this community.

 

Cheers, Jason

Link to comment
Share on other sites
  • 0
Paul Community Regular

Paul

Posted
Posted

Our official Braintree gateway does not yet support Vault or token based storage, so the CVV is not sent to Braintree unless you are submitting payment at the same time. We have a task to add support for vault/offsite storage of CC data, but it has not yet been completed.

 

So, the best way to proceed for now is to disable Braintree's CVV requirement. The option you provided "does not match when provided" may be sufficient for the interim.

 

I would highly recommend utilizing the fraud tools we have available at the moment and be on the watch for fraud, which I would suggest even if you could use restrictive CVV rules with Braintree. On the black market, hackers often purchase CVV data with the card data.

Link to comment
Share on other sites
  • 0
jasontyde Newbie

jasontyde

Posted
  • Author
Posted

It's great that you're prioritizing supporting Braintree's Vault and I look forward to when the Braintree plugin is updated with this capability.

 

My experience just now in testing was a little different that what I think should have happened after reading your words Paul. Specifically, I logged in to the Client Portal as the client I'm testing with. After deleting the one-and-only Payment Account for that client I initiated payment on the invoice, indicating that I wish to store my credit card details for future use (i.e. create a Payment Account). Based on your words I would expect this transaction to go through even with Braintree's 'CVV not provided' rule enabled as I am "submitting payment at the same time". However, that wasn't the case and I had to disable the 'CVV not provided' rule in Braintree to get the transaction to go through.

 

Am I misunderstanding your words Paul that indicate to me that simultaneously creating a Payment Account and submitting payment will send CVV info to Braintree?

Link to comment
Share on other sites
  • 0
Paul Community Regular

Paul

Posted
Posted

OK, I'm going to mark this as solved.

 

I'd like to Watch and Vote for the item you linked to, however I can't seem to without having an account on your Jira system. Do you allow your customers to participate in your Jira site for expressing support of ideas, problem solving, or whatnot?

 

We would love people to be able to participate by voting for features in Jira, but due to Jira's licensing scheme it's very cost prohibitive as they charge us by the user. Commenting on the original thread, or starting a new one under feature requests would be the best way to log support.. this thread definitely helps.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to question listing
×
×
  • Create New...