Ok, just as I thought. The customer CAN bypass the CVV if he/she just hit spaces in the CVV field....
I guess there is no validation for that??
Ok, just as I thought. The customer CAN bypass the CVV if he/she just hit spaces in the CVV field....
I guess there is no validation for that??
If he/she intents to bypass, then it would be a fraud order anyway. Your best bet is to contact he/she to request that he/she replace the order. Still, ZC should have validated that.
I no longer provide installation support on forum for all my modules. However, if there are real bugs with the modules please feel free to contact me
No, it is not necessary that it is a fraud order as some people are skeptical of inputting CVV numbers. And no ZC does not validate that. Atleast mine doesn't...
There are varying schools of thought on the CVV issue.
Technically, unless you have the customer "present", you shouldn't even be collecting CVV. Customers have good reason to be hesitant of providing CVV if the card isn't being processed immediately.
You probably pay a higher transaction fee without the CVV number though.
You may disagree ... but that's the general theory.
The fact that Zen Cart doesn't validate the number is a secondary issue. For gateway processing modules, the supplied CVV is sent directly to the gateway and never stored. If the gateway rejects it, the customer is asked to re-enter it. The gateway does the validating.
So, using the offline module, if the customer doesn't supply it, or supplies an invalid number, you can either process it without any CVV or call the customer up and ask them for a valid one.
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
I am fully aware of PCI compliance as I went through a whole ordeal with a client of mine versus Visa Credit Card.
I am in the transition of getting Paypal payment pro setup but just in case I can't get it working (like the time with Paypal 2.0), I would have no choice but to continue using offline CC process. And you're right, I don't need CCV to process the CC. I am using Paypal's virtual terminal at the current moment. However I did not know that there will be a higher charge if CCV is not inputted.
With that said, I just thought it would be better "if" I could validate the CCV and not allowing customers to bypass that by inputting "spaces" in that field....
Some processors levy a different transaction fee in those cases. Not all do.
Understood. You could try making the following change in the cc.php module:
in this section:
make the change highlighted in red:Code:if (MODULE_PAYMENT_CC_COLLECT_CVV == 'True') { $js .= ' if (cc_cvv == "" || cc_cvv.length < ' . CC_CVV_MIN_LENGTH . ') {' . "\n" .
Code:if (MODULE_PAYMENT_CC_COLLECT_CVV == 'True') { $js .= ' if (cc_cvv.replace(" ", "") == "" || cc_cvv.length < ' . CC_CVV_MIN_LENGTH . ') {' . "\n" .
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Thanks Dr. Byte, but I tried the above code and it will keep asking me for atleast 3 digits and not let me continue.