[jira] Created: (OFBIZ-1716) POS: CVV2 code is not always deleted from the DB

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
16 messages Options
Reply | Threaded
Open this post in threaded view
|

[jira] Created: (OFBIZ-1716) POS: CVV2 code is not always deleted from the DB

Nicolas Malin (Jira)
POS: CVV2 code is not always deleted from the DB
------------------------------------------------

                 Key: OFBIZ-1716
                 URL: https://issues.apache.org/jira/browse/OFBIZ-1716
             Project: OFBiz
          Issue Type: Bug
          Components: specialpurpose/pos
    Affects Versions: Release Branch 4.0
            Reporter: Chris Lombardi


I ran a transaction that was declined by the processor.  I later noticed that the cvv2 code was still present in the database.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Commented: (OFBIZ-1716) POS: CVV2 code is not always deleted from the DB

Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12580999#action_12580999 ]

Chris Lombardi commented on OFBIZ-1716:
---------------------------------------

I have to go read the interchange guidelines to determine what is allowable for retention of cvv2 for retries in an ecommerce context.  If anyone has any comments on this, please chime in.

Here's the section that may need to be changed:

PaymentGatewayServices: 1770

            if (context != null && authResult.booleanValue()) {
                orderPaymentPreference.set("statusId", "PAYMENT_AUTHORIZED");
                orderPaymentPreference.set("securityCode", null);
                orderPaymentPreference.set("track2", null);                
            } else if (context != null && !authResult.booleanValue()) {
                orderPaymentPreference.set("statusId", "PAYMENT_DECLINED");
            } else {
                orderPaymentPreference.set("statusId", "PAYMENT_ERROR");
            }


> POS: CVV2 code is not always deleted from the DB
> ------------------------------------------------
>
>                 Key: OFBIZ-1716
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1716
>             Project: OFBiz
>          Issue Type: Bug
>          Components: specialpurpose/pos
>    Affects Versions: Release Branch 4.0
>            Reporter: Chris Lombardi
>
> I ran a transaction that was declined by the processor.  I later noticed that the cvv2 code was still present in the database.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Updated: (OFBIZ-1716) POS: CVV2 code is not always deleted from the DB

Nicolas Malin (Jira)
In reply to this post by Nicolas Malin (Jira)

     [ https://issues.apache.org/jira/browse/OFBIZ-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-1716:
-----------------------------------

          Component/s:     (was: specialpurpose/pos)
                       ALL COMPONENTS
             Priority: Critical  (was: Major)
    Affects Version/s: SVN trunk

> POS: CVV2 code is not always deleted from the DB
> ------------------------------------------------
>
>                 Key: OFBIZ-1716
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1716
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL COMPONENTS
>    Affects Versions: SVN trunk, Release Branch 4.0
>            Reporter: Chris Lombardi
>            Assignee: Jacques Le Roux
>            Priority: Critical
>
> I ran a transaction that was declined by the processor.  I later noticed that the cvv2 code was still present in the database.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Assigned: (OFBIZ-1716) POS: CVV2 code is not always deleted from the DB

Nicolas Malin (Jira)
In reply to this post by Nicolas Malin (Jira)

     [ https://issues.apache.org/jira/browse/OFBIZ-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux reassigned OFBIZ-1716:
--------------------------------------

    Assignee: Jacques Le Roux

> POS: CVV2 code is not always deleted from the DB
> ------------------------------------------------
>
>                 Key: OFBIZ-1716
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1716
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL COMPONENTS
>    Affects Versions: SVN trunk, Release Branch 4.0
>            Reporter: Chris Lombardi
>            Assignee: Jacques Le Roux
>
> I ran a transaction that was declined by the processor.  I later noticed that the cvv2 code was still present in the database.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Commented: (OFBIZ-1716) POS: CVV2 code is not always deleted from the DB

Nicolas Malin (Jira)
In reply to this post by Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12581814#action_12581814 ]

Jacques Le Roux commented on OFBIZ-1716:
----------------------------------------

Hi Chris,

AS long as you don't persist the CV2 code in DB there is no problems to keep it in a session.

> POS: CVV2 code is not always deleted from the DB
> ------------------------------------------------
>
>                 Key: OFBIZ-1716
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1716
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL COMPONENTS
>    Affects Versions: SVN trunk, Release Branch 4.0
>            Reporter: Chris Lombardi
>            Assignee: Jacques Le Roux
>            Priority: Critical
>
> I ran a transaction that was declined by the processor.  I later noticed that the cvv2 code was still present in the database.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Commented: (OFBIZ-1716) POS: CVV2 code is not always deleted from the DB

Nicolas Malin (Jira)
In reply to this post by Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12588231#action_12588231 ]

Jacques Le Roux commented on OFBIZ-1716:
----------------------------------------

Hi Chris, All,

I just had a look at it and yes indeed there seems to be a problem there...

> POS: CVV2 code is not always deleted from the DB
> ------------------------------------------------
>
>                 Key: OFBIZ-1716
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1716
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL COMPONENTS
>    Affects Versions: SVN trunk, Release Branch 4.0
>            Reporter: Chris Lombardi
>            Assignee: Jacques Le Roux
>            Priority: Critical
>
> I ran a transaction that was declined by the processor.  I later noticed that the cvv2 code was still present in the database.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Commented: (OFBIZ-1716) POS: CVV2 code is not always deleted from the DB

Nicolas Malin (Jira)
In reply to this post by Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12588237#action_12588237 ]

Jacques Le Roux commented on OFBIZ-1716:
----------------------------------------

I did not change it yet in the case of PAYMENT_DECLINED, since I think that, in such case, the transaction may be retried one or more times. If it's well done I suppose that at the end of transactions (with success or not) securityCode and track2 are "nullified" in the DB. So for now I only nullified int the case of PAYMENT_ERROR and I hope it's the exit door (did not look further)

> POS: CVV2 code is not always deleted from the DB
> ------------------------------------------------
>
>                 Key: OFBIZ-1716
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1716
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL COMPONENTS
>    Affects Versions: SVN trunk, Release Branch 4.0
>            Reporter: Chris Lombardi
>            Assignee: Jacques Le Roux
>            Priority: Critical
>
> I ran a transaction that was declined by the processor.  I later noticed that the cvv2 code was still present in the database.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Commented: (OFBIZ-1716) POS: CVV2 code is not always deleted from the DB

Nicolas Malin (Jira)
In reply to this post by Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12588241#action_12588241 ]

Chris Lombardi commented on OFBIZ-1716:
---------------------------------------

I'm not sure of  the scenario where you wouldn't just report back to the customer that their card has been declined and instead retain the cvv code for later retries.

1.  Online e-commerce
2.  POS
3.  Card  taken over phone by sales
4.  Recurring subscriptions

For cases 1, 2 and 3, just report back declined.  The customer may enter in a different credit card.  For case 4, you shouldn't retain the cvv code past the initial transaction.

In reading the code, there was some retry logic for a not sufficient funds (nsf) case.  Could anyone  explain when this is actually used?  I'm having a hard time figuring out when you wouldn't just report back to the customer with a decline.


> POS: CVV2 code is not always deleted from the DB
> ------------------------------------------------
>
>                 Key: OFBIZ-1716
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1716
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL COMPONENTS
>    Affects Versions: SVN trunk, Release Branch 4.0
>            Reporter: Chris Lombardi
>            Assignee: Jacques Le Roux
>            Priority: Critical
>
> I ran a transaction that was declined by the processor.  I later noticed that the cvv2 code was still present in the database.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Commented: (OFBIZ-1716) POS: CVV2 code is not always deleted from the DB

Nicolas Malin (Jira)
In reply to this post by Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12588403#action_12588403 ]

David E. Jones commented on OFBIZ-1716:
---------------------------------------

The NSF retry stuff can be used for any order, but is mostly intended for automatic orders done through ShoppingLists.

Either way, it totally depends on business policy and desired process.

For CVV codes it doesn't matter anyway. You cannot store or in any way remember them beyond the time scope of the transaction they were entered for (and if it is split into auth and capture then that would be ONLY the auth part you can keep the code for).

That means for ALL automatic retries you will not have the CVV code, and will not get the benefit of the discounted transaction fee for having the CVV code. That's the only real difference.

Again, it's all a business decision to be made with an understanding of these sorts of constraints. Whatever is done OOTB in OFBiz needs to be changeable to different situations. Well, it is always changeable, but the goal is to make more common variations easier to configure.

> POS: CVV2 code is not always deleted from the DB
> ------------------------------------------------
>
>                 Key: OFBIZ-1716
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1716
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL COMPONENTS
>    Affects Versions: SVN trunk, Release Branch 4.0
>            Reporter: Chris Lombardi
>            Assignee: Jacques Le Roux
>            Priority: Critical
>
> I ran a transaction that was declined by the processor.  I later noticed that the cvv2 code was still present in the database.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Commented: (OFBIZ-1716) POS: CVV2 code is not always deleted from the DB

Nicolas Malin (Jira)
In reply to this post by Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12588410#action_12588410 ]

Chris Lombardi commented on OFBIZ-1716:
---------------------------------------

I'll fix it to delete the cvv and track2 information per DJ's comment.  JLR, do you have any objections?

> POS: CVV2 code is not always deleted from the DB
> ------------------------------------------------
>
>                 Key: OFBIZ-1716
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1716
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL COMPONENTS
>    Affects Versions: SVN trunk, Release Branch 4.0
>            Reporter: Chris Lombardi
>            Assignee: Jacques Le Roux
>            Priority: Critical
>
> I ran a transaction that was declined by the processor.  I later noticed that the cvv2 code was still present in the database.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Commented: (OFBIZ-1716) POS: CVV2 code is not always deleted from the DB

Nicolas Malin (Jira)
In reply to this post by Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12588417#action_12588417 ]

Jacques Le Roux commented on OFBIZ-1716:
----------------------------------------

Any objections this is fine with me

> POS: CVV2 code is not always deleted from the DB
> ------------------------------------------------
>
>                 Key: OFBIZ-1716
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1716
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL COMPONENTS
>    Affects Versions: SVN trunk, Release Branch 4.0
>            Reporter: Chris Lombardi
>            Assignee: Jacques Le Roux
>            Priority: Critical
>
> I ran a transaction that was declined by the processor.  I later noticed that the cvv2 code was still present in the database.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Updated: (OFBIZ-1716) POS: CVV2 code is not always deleted from the DB

Nicolas Malin (Jira)
In reply to this post by Nicolas Malin (Jira)

     [ https://issues.apache.org/jira/browse/OFBIZ-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chris Lombardi updated OFBIZ-1716:
----------------------------------

    Attachment: ofbiz-1716.patch

I have to test this patch.

> POS: CVV2 code is not always deleted from the DB
> ------------------------------------------------
>
>                 Key: OFBIZ-1716
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1716
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL COMPONENTS
>    Affects Versions: SVN trunk, Release Branch 4.0
>            Reporter: Chris Lombardi
>            Assignee: Jacques Le Roux
>            Priority: Critical
>         Attachments: ofbiz-1716.patch
>
>
> I ran a transaction that was declined by the processor.  I later noticed that the cvv2 code was still present in the database.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Commented: (OFBIZ-1716) POS: CVV2 code is not always deleted from the DB

Nicolas Malin (Jira)
In reply to this post by Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12608293#action_12608293 ]

Jacques Le Roux commented on OFBIZ-1716:
----------------------------------------

Hi Chris,

What is the status of this patch, now ?

Thanks

> POS: CVV2 code is not always deleted from the DB
> ------------------------------------------------
>
>                 Key: OFBIZ-1716
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1716
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL COMPONENTS
>    Affects Versions: SVN trunk, Release Branch 4.0
>            Reporter: Chris Lombardi
>            Assignee: Jacques Le Roux
>            Priority: Critical
>         Attachments: ofbiz-1716.patch
>
>
> I ran a transaction that was declined by the processor.  I later noticed that the cvv2 code was still present in the database.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Commented: (OFBIZ-1716) POS: CVV2 code is not always deleted from the DB

Nicolas Malin (Jira)
In reply to this post by Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12608446#action_12608446 ]

Chris Lombardi commented on OFBIZ-1716:
---------------------------------------

I don't remember.  The patch looks pretty straight forward though, I'll test it today.

> POS: CVV2 code is not always deleted from the DB
> ------------------------------------------------
>
>                 Key: OFBIZ-1716
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1716
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL COMPONENTS
>    Affects Versions: SVN trunk, Release Branch 4.0
>            Reporter: Chris Lombardi
>            Assignee: Jacques Le Roux
>            Priority: Critical
>         Attachments: ofbiz-1716.patch
>
>
> I ran a transaction that was declined by the processor.  I later noticed that the cvv2 code was still present in the database.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Updated: (OFBIZ-1716) POS: CVV2 code is not always deleted from the DB

Nicolas Malin (Jira)
In reply to this post by Nicolas Malin (Jira)

     [ https://issues.apache.org/jira/browse/OFBIZ-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chris Lombardi updated OFBIZ-1716:
----------------------------------

    Attachment: ofbiz-1716.patch

Updated patch to work with current trunk.  Tested, works ok.

> POS: CVV2 code is not always deleted from the DB
> ------------------------------------------------
>
>                 Key: OFBIZ-1716
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1716
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL COMPONENTS
>    Affects Versions: SVN trunk, Release Branch 4.0
>            Reporter: Chris Lombardi
>            Assignee: Jacques Le Roux
>            Priority: Critical
>         Attachments: ofbiz-1716.patch, ofbiz-1716.patch
>
>
> I ran a transaction that was declined by the processor.  I later noticed that the cvv2 code was still present in the database.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Closed: (OFBIZ-1716) POS: CVV2 code is not always deleted from the DB

Nicolas Malin (Jira)
In reply to this post by Nicolas Malin (Jira)

     [ https://issues.apache.org/jira/browse/OFBIZ-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux closed OFBIZ-1716.
----------------------------------

       Resolution: Fixed
    Fix Version/s: Release Branch 4.0
                   SVN trunk

Thanks Chris,

Your patch is in trunk revision: 672130 , release4.0 672133  



> POS: CVV2 code is not always deleted from the DB
> ------------------------------------------------
>
>                 Key: OFBIZ-1716
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1716
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL COMPONENTS
>    Affects Versions: SVN trunk, Release Branch 4.0
>            Reporter: Chris Lombardi
>            Assignee: Jacques Le Roux
>            Priority: Critical
>             Fix For: SVN trunk, Release Branch 4.0
>
>         Attachments: ofbiz-1716.patch, ofbiz-1716.patch
>
>
> I ran a transaction that was declined by the processor.  I later noticed that the cvv2 code was still present in the database.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.