View Issue Details

IDProjectCategoryView StatusLast Update
0007384module PayPal Checkoutmodule PayPal checkout - subpublic2023-01-24 13:56
Reporterd3 
PrioritynormalSeverityminorReproducibilityunable to reproduce
Status acknowledgedResolutionreopened 
Product Version2.2.2 / 1.2.2 
Target Version2.2.4 / 1.2.4Fixed in Version 
Summary0007384: Order and Mail for rejected credit card payment
DescriptionIf a payment with credit card was rejected (3DS failed):
* an order is created
* and the mail to owner/customer was send

Is this case, the mail should not send to the user!
TagsNo tags attached.

Activities

d3

2022-12-05 11:27

reporter   ~0014897

In some cases(3DS ), the user should be redirect to step 3. To finalize an order is not the best option.

Certainly there are cases in which PayPal can only complete the payment seconds later.
Then you should wait with the email until then.

QA

2022-12-05 12:36

administrator   ~0014924

In my test scenario i tested with these paypal data: Rejected Frictionless Authentication by the Issuer
https://developer.paypal.com/docs/checkout/advanced/customize/3d-secure/test/

Visa:?4868719081564153
Expiration: 01/2025
CVV: 123

In my case "rejected authentification" the user was redirected to step 3 to finalize the order again.

PayPal_Credit_1.JPG (85,745 bytes)
PayPal_Credit_1.JPG (85,745 bytes)
PayPal_Credit_0.JPG (85,082 bytes)
PayPal_Credit_0.JPG (85,082 bytes)

QA

2022-12-05 12:37

administrator   ~0014925

- es -

QA

2022-12-05 12:38

administrator   ~0014926

Please add steps to reproduce with Credit Test Data

d3

2022-12-06 11:11

reporter   ~0014929

Please read this:
https://developer.paypal.com/tools/sandbox/card-testing/#rejection-triggers

Use: Rejection triggers

All test simulations show that the card is globally unavailable (AVS) and not processed (CVV), but the response-code value changes based on the test trigger you use.
Test name Trigger Processor response code
Fraudulent card CCREJECT-SF 9500
Card is declined CCREJECT-BANK_ERROR 5100
CVC check fails CCREJECT-CVV_F 00N7
Card expired CCREJECT-EC 5400
Luhn Check fails CCREJECT-IRC 5180
Insufficient funds CCREJECT-IF 5120
Card lost, stolen CCREJECT-LS 9520
Card refused CCREJECT-REFUSED 0500
Card invalid CCREJECT-IA 1330


I used "CCREJECT-IF" as name for the card owner.


The status DECLINED is inside the response :

{
  "additional_properties": "xxxxxx",
  "body": {
    "create_time": "2022-12-06T09:50:19Z",
    "id": "9N134986D6012970H",
    "intent": "CAPTURE",
    "links": [
      {
        "href": "https://api.sandbox.paypal.com/v2/checkout/orders/9N134986D6012970H",
        "method": "GET",
        "rel": "self"
      },
      {
        "href": "https://www.sandbox.paypal.com/checkoutnow?token=9N134986D6012970H",
        "method": "GET",
        "rel": "approve"
      },
      {
        "href": "https://api.sandbox.paypal.com/v2/checkout/orders/9N134986D6012970H",
        "method": "PATCH",
        "rel": "update"
      },
      {
        "href": "https://api.sandbox.paypal.com/v2/checkout/orders/9N134986D6012970H/capture",
        "method": "POST",
        "rel": "capture"
      }
    ],
    "payment_source": {
      "card": {
        "brand": "xxxxxx",
        "last_digits": "xxxxxx",
        "type": "xxxxxx"
      }
    },
    "processing_instruction": "NO_INSTRUCTION",
    "purchase_units": [
      {
        "amount": {
          "breakdown": {
            "handling": {
              "currency_code": "EUR",
              "value": "0.00"
            },
            "insurance": {
              "currency_code": "xxxxxx",
              "value": "xxxxxx"
            },
            "item_total": {
              "currency_code": "EUR",
              "value": "598.57"
            },
            "shipping": {
              "currency_code": "EUR",
              "value": "0.00"
            },
            "shipping_discount": {
              "currency_code": "EUR",
              "value": "0.00"
            },
            "tax_total": {
              "currency_code": "EUR",
              "value": "0.00"
            }
          },
          "currency_code": "EUR",
          "value": "598.57"
        },
        "description": "Zahlung bei OXID eShop 6 TESTSHOP",
        "payee": {
          "email_address": "*****",
          "merchant_id": "79AECA4WKWHT4"
        },
        "payments": {
          "captures": [
            {
              "amount": {
                "currency_code": "EUR",
                "value": "598.57"
              },
              "create_time": "2022-12-06T09:50:22Z",
              "disbursement_mode": "INSTANT",
              "final_capture": true,
              "id": "74247529TY790293E",
              "links": [
                {
                  "href": "https://api.sandbox.paypal.com/v2/payments/captures/74247529TY790293E",
                  "method": "GET",
                  "rel": "self"
                },
                {
                  "href": "https://api.sandbox.paypal.com/v2/payments/captures/74247529TY790293E/refund",
                  "method": "POST",
                  "rel": "refund"
                },
                {
                  "href": "https://api.sandbox.paypal.com/v2/checkout/orders/9N134986D6012970H",
                  "method": "GET",
                  "rel": "up"
                }
              ],
              "processor_response": {
                "avs_code": "G",
                "cvv_code": "X",
                "response_code": "5120"
              },
              "seller_protection": {
                "status": "NOT_ELIGIBLE"
              },
              "seller_receivable_breakdown": {
                "gross_amount": {
                  "currency_code": "EUR",
                  "value": "598.57"
                },
                "net_amount": {
                  "currency_code": "EUR",
                  "value": "586.85"
                },
                "paypal_fee": {
                  "currency_code": "EUR",
                  "value": "11.72"
                }
              },
              "status": "DECLINED",
              "update_time": "2022-12-06T09:50:22Z"
            }
          ]
        },
        "reference_id": "OXID_REFERENCE",
        "shipping": {
          "address": {
            "address_line_1": "*****",
            "address_line_2": "*****",
            "admin_area_1": "XX",
            "admin_area_2": "Freiburg",
            "country_code": "DE",
            "postal_code": "79111"
          },
          "name": {
            "full_name": "*****"
          }
        },
        "soft_descriptor": "PP*MG TESTSHOP"
      }
    ],
    "status": "CREATED"
  },
  "duration_time": "xxxxxx",
  "header": {
    "APPLICATION_ID": "APP-80W284485P519543T",
    "BORDER-IP": "xxxxxx",
    "CALLER_ACCT_NUM": "79AECA4WKWHT4",
    "Date": "Tue, 06 Dec 2022 09:53:12 GMT",
    "Keep-Alive": "xxxxxx",
    "PROCESSING-IP": "xxxxxx",
    "SERVER_INFO": "xxxxxx",
    "paypal-debug-id": "1c490b2f8e771"
  },
  "status": 200
}

QA

2022-12-06 13:37

administrator   ~0014930

PayPal Checkout Module and ACDC.

For 2 orders we have received feedback from PayPal: the payments were rejected (eg: 3DS failed).

trx 4XW66031P1111022L – 3DS failed
trx 64663498JJ796554P – Zahlung rejectedWie

However, the order was created and the email was sent to the customer, which should be considered as an error.
If 3DS is entered incorrectly, shouldn't the customer be thrown back to step 3 with message "authorisation of payment failed"?

Or shouldn't the triggering of the order confirmation email basically be outsourced to the webhook event?

However the orders have been created, payment date is not set, status NOT_FINISHED and payment has been declined.

LarsStegelitz

2023-01-23 14:24

developer   ~0014988

Unable to reproduce as described, tested with following types of rejection trigger.
- Fraudulent card "CCREJECT-SF"
- Card is declined "CCREJECT-BANK_ERROR"
- CVC check fails "CCREJECT-CVV_F"
- Card expired "CCREJECT-EC"
- Luhn Check fails "CCREJECT-IRC"
- Insufficient funds "CCREJECT-IF"
- Card lost, stolen "CCREJECT-LS"
- Card refused "CCREJECT-REFUSED"
- Card invalid "CCREJECT-IA"

None of these triggered an order or a customer mail, all ended with a "authorisation failed" message, as expected.

Counter-checks have been made with valid (test) credit card details.

QA

2023-01-24 13:51

administrator   ~0014990

reopened as discussed with ML.

For testting use

Test number Card type
4005519200000004 Visa

Test name Trigger Processor response code
Insufficient funds CCREJECT-IF 5120