QuickBooks Merchant Service

[cptok]

Yes... in this case 1.8 != 1.8. But that's part of the "fun" of being on the testing team right!! :)

PS - did you redownload from my site? That error code appears in several places in the module, and was fixed in all of them.

[mydanilo]

Yes... in this case 1.8 != 1.8. But that's part of the "fun" of being on the testing team right!! :)

PS - did you redownload from my site? That error code appears in several places in the module, and was fixed in all of them.

Right! And yes, from the link you sent in the PM. As far as I can tell the (the add_session error) was added on several places in that one file was the only difference. Seems to work now, thank you.

[mydanilo]

On another note, I noticed that AMEX does not send back the CVV verified code for the qb merchant account. So if you set CVV needs to be present and verified, legitimate AMEX cards will be declined. I found in the help file in QB Merchant account page that one can ask AMEX to activate the CVV verified return code as well. I will post more about the process tomorrow from my desktop where I have all the info.

[cptok]

QBMS 1.8 Stable has been uploaded. This includes everything above and cosmetic cleanup of the code for readability.

[Securfocus]

wow good catch mydanilo, we use amex cards as well. let me know what you find out about the cvv.

keep up the awsome updates cptok!

[mydanilo]

This is the AMEX situation as mentioned in QB

Important: If you accept AmericanExpress cards

American Express (AMEX) cards have a 4-digit card security code on the front of the card which is used to screen for fraud in card not present and eCommerce transactions. Note that AMEX always approves valid transactions even if the card security code does not match, is not processed, or is not provided. Nevertheless, AMEX does return the card security code status along with the approval response, and you can set your Web store security settings to automatically reject transactions where card security code does not match or is not available. However, these settings will only work if you have specifically requested AMEX to process the card security code when the account was set up. If the account was not set up to do this, AMEX will return a response indicating that the card security code was not processed even when the correct code was provided in the transaction. As a result, even valid AMEX transactions will be rejected automatically if the merchant has selected Web store security settings to reject transactions where the card security code not does not match or is not available.

If you want to prevent valid AMEX transactions to be accepted, you must either make sure your account is set up correctly at AMEX, or change your Web store security settings in the Merchant Service Center so the valid transactions do not get rejected.
--------------------------
I talked to customer service at AMEX and here is what you have to do to requested AMEX to process the card security code:

email to: [email protected]

Ask them to activate the CID for your AMEX merchant account#xxxxxxx

I got a reply and it usually takes 7-10 business days until active.

PS: They will do this only by email. Good luck.

[cptok]

Mydanilo - great information!! Well done. You have clearly laid out what it takes to deal correctly with AMEX - whether by contacting AMEX or by having alternate settings on the QBMS fraud options.

[mydanilo]

OK, it is now activated, here is the email they send back:
------------------------------------
Your Merchant number has now been activated for the CID Fraud Prevention Tool from American Express.

Merchants are required to follow the Card Security Code Validation program requirements. For your convenience, these requirements are attached below as an excerpt from the US Merchant Operating Policies and Procedures guide. These requirements are also available to you at: www.americanexpress.com/merchantpolicy


To ensure proper use of the CID fraud prevention tool, please find the following reminders:

* Merchant should never store CID, should re-prompt twice when an incorrect CID is provided and not allow more than three tries for a Customer to enter CID.

* Now that CID has been activated, AMEX will send the following in the ISO 8583 Authorization Response 1110. If you use a processor or vendor to communicate with American Express, they may translate these responses and provide the same information to you in a different field or value.

Y = CID matched
N= CID did not match
U = CID was not checked

* To correctly utilize the CID fraud prevention tool, every keyed transaction with a CID value must be sent with POS Data code position 7=‘S’. Please reach out to your processor if you have questions regarding this point

* American Express recommends Merchants advise your Processor you plan to use the CID fraud prevention tool

* If you need the approved American Express card image showing CID for use on your website, please e-mail [email protected] with the subject: American Express CID card image needed and in the text of the message indicate your website address
---------------------------------------

Now I hope that QB Merchant account will understand AMEX CID responses. One would think.... lets see when the first AMEX transaction comes across. I will post how it works out.

[Securfocus]

So the way I am reading it is, unless you specificaly ask them to check the CVV on amex, it comes default as they don't check it.

meaning...

if i were to use a amex card right now, it wouldnt matter what i put in for the cvv it doesn check it, and it will go through.

Nice research i had no idea that they didnt even check the cvv ive been putting in for the last 4 years!

[mydanilo]

[QUOTE=Securfocus;684806]S
meaning...

if i were to use a amex card right now, it wouldnt matter what i put in for the cvv it doesn check it, and it will go through./QUOTE]

Not quiet correct. Your qbms payment module will already check if the CVV is filled in but then when it is passed on to QB merchant it will pass it on to AMEX and then AMEX does check the submitted CVV but does not return the result. So there would be no CVV status returned to QB merchant. QB merchant will check your CVV according to your QB merchant settings (Web store security settings). If like me, you want the CVV verified positively you would set:

CSC Settings
If CSC does not match Reject Transaction
If CSC is not available Reject Transaction

Now if the AMEX CID is not activated like I described, ALL your AMEX cards will be rejected as AMEX would not return a positive CSC match!

If:
If CSC does not match Accept Transaction
If CSC is not available Accept Transaction
Then:
you don't have this problem but again no CSC match verification will be enforced on any cards. So you are accepting cards where you do not know if CSC is valid. Did not like it!

If:
If CSC does not match Accept Transaction
If CSC is not available Reject Transaction
Then:
You will never know if AMEX CIC actually matched as the status is not returned by AMEX.

Just have it turned on by AMEX and you will have full control over what you are accepting.