View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0007384 | module PayPal Checkout | module PayPal checkout - sub | public | 2022-12-05 09:42 | 2023-05-10 15:00 |
Reporter | d3 | ||||
Priority | normal | Severity | minor | Reproducibility | unable to reproduce |
Status | resolved | Resolution | fixed | ||
Product Version | 2.2.2 / 1.2.2 | ||||
Target Version | Fixed in Version | 2.3.0 / 1.3.0 | |||
Summary | 0007384: Order and Mail for rejected credit card payment | ||||
Description | If a payment with credit card was rejected (3DS failed): * an order is created * and the mail to owner/customer was send Is this case, the mail should not send to the user! | ||||
Tags | No tags attached. | ||||
|
In some cases(3DS ), the user should be redirect to step 3. To finalize an order is not the best option. Certainly there are cases in which PayPal can only complete the payment seconds later. Then you should wait with the email until then. |
|
In my test scenario i tested with these paypal data: Rejected Frictionless Authentication by the Issuer https://developer.paypal.com/docs/checkout/advanced/customize/3d-secure/test/ Visa:?4868719081564153 Expiration: 01/2025 CVV: 123 In my case "rejected authentification" the user was redirected to step 3 to finalize the order again. |
|
- es - |
|
Please add steps to reproduce with Credit Test Data |
|
Please read this: https://developer.paypal.com/tools/sandbox/card-testing/#rejection-triggers Use: Rejection triggers All test simulations show that the card is globally unavailable (AVS) and not processed (CVV), but the response-code value changes based on the test trigger you use. Test name Trigger Processor response code Fraudulent card CCREJECT-SF 9500 Card is declined CCREJECT-BANK_ERROR 5100 CVC check fails CCREJECT-CVV_F 00N7 Card expired CCREJECT-EC 5400 Luhn Check fails CCREJECT-IRC 5180 Insufficient funds CCREJECT-IF 5120 Card lost, stolen CCREJECT-LS 9520 Card refused CCREJECT-REFUSED 0500 Card invalid CCREJECT-IA 1330 I used "CCREJECT-IF" as name for the card owner. The status DECLINED is inside the response : { "additional_properties": "xxxxxx", "body": { "create_time": "2022-12-06T09:50:19Z", "id": "9N134986D6012970H", "intent": "CAPTURE", "links": [ { "href": "https://api.sandbox.paypal.com/v2/checkout/orders/9N134986D6012970H", "method": "GET", "rel": "self" }, { "href": "https://www.sandbox.paypal.com/checkoutnow?token=9N134986D6012970H", "method": "GET", "rel": "approve" }, { "href": "https://api.sandbox.paypal.com/v2/checkout/orders/9N134986D6012970H", "method": "PATCH", "rel": "update" }, { "href": "https://api.sandbox.paypal.com/v2/checkout/orders/9N134986D6012970H/capture", "method": "POST", "rel": "capture" } ], "payment_source": { "card": { "brand": "xxxxxx", "last_digits": "xxxxxx", "type": "xxxxxx" } }, "processing_instruction": "NO_INSTRUCTION", "purchase_units": [ { "amount": { "breakdown": { "handling": { "currency_code": "EUR", "value": "0.00" }, "insurance": { "currency_code": "xxxxxx", "value": "xxxxxx" }, "item_total": { "currency_code": "EUR", "value": "598.57" }, "shipping": { "currency_code": "EUR", "value": "0.00" }, "shipping_discount": { "currency_code": "EUR", "value": "0.00" }, "tax_total": { "currency_code": "EUR", "value": "0.00" } }, "currency_code": "EUR", "value": "598.57" }, "description": "Zahlung bei OXID eShop 6 TESTSHOP", "payee": { "email_address": "*****", "merchant_id": "79AECA4WKWHT4" }, "payments": { "captures": [ { "amount": { "currency_code": "EUR", "value": "598.57" }, "create_time": "2022-12-06T09:50:22Z", "disbursement_mode": "INSTANT", "final_capture": true, "id": "74247529TY790293E", "links": [ { "href": "https://api.sandbox.paypal.com/v2/payments/captures/74247529TY790293E", "method": "GET", "rel": "self" }, { "href": "https://api.sandbox.paypal.com/v2/payments/captures/74247529TY790293E/refund", "method": "POST", "rel": "refund" }, { "href": "https://api.sandbox.paypal.com/v2/checkout/orders/9N134986D6012970H", "method": "GET", "rel": "up" } ], "processor_response": { "avs_code": "G", "cvv_code": "X", "response_code": "5120" }, "seller_protection": { "status": "NOT_ELIGIBLE" }, "seller_receivable_breakdown": { "gross_amount": { "currency_code": "EUR", "value": "598.57" }, "net_amount": { "currency_code": "EUR", "value": "586.85" }, "paypal_fee": { "currency_code": "EUR", "value": "11.72" } }, "status": "DECLINED", "update_time": "2022-12-06T09:50:22Z" } ] }, "reference_id": "OXID_REFERENCE", "shipping": { "address": { "address_line_1": "*****", "address_line_2": "*****", "admin_area_1": "XX", "admin_area_2": "Freiburg", "country_code": "DE", "postal_code": "79111" }, "name": { "full_name": "*****" } }, "soft_descriptor": "PP*MG TESTSHOP" } ], "status": "CREATED" }, "duration_time": "xxxxxx", "header": { "APPLICATION_ID": "APP-80W284485P519543T", "BORDER-IP": "xxxxxx", "CALLER_ACCT_NUM": "79AECA4WKWHT4", "Date": "Tue, 06 Dec 2022 09:53:12 GMT", "Keep-Alive": "xxxxxx", "PROCESSING-IP": "xxxxxx", "SERVER_INFO": "xxxxxx", "paypal-debug-id": "1c490b2f8e771" }, "status": 200 } |
|
PayPal Checkout Module and ACDC. For 2 orders we have received feedback from PayPal: the payments were rejected (eg: 3DS failed). trx 4XW66031P1111022L – 3DS failed trx 64663498JJ796554P – Zahlung rejectedWie However, the order was created and the email was sent to the customer, which should be considered as an error. If 3DS is entered incorrectly, shouldn't the customer be thrown back to step 3 with message "authorisation of payment failed"? Or shouldn't the triggering of the order confirmation email basically be outsourced to the webhook event? However the orders have been created, payment date is not set, status NOT_FINISHED and payment has been declined. |
|
Unable to reproduce as described, tested with following types of rejection trigger. - Fraudulent card "CCREJECT-SF" - Card is declined "CCREJECT-BANK_ERROR" - CVC check fails "CCREJECT-CVV_F" - Card expired "CCREJECT-EC" - Luhn Check fails "CCREJECT-IRC" - Insufficient funds "CCREJECT-IF" - Card lost, stolen "CCREJECT-LS" - Card refused "CCREJECT-REFUSED" - Card invalid "CCREJECT-IA" None of these triggered an order or a customer mail, all ended with a "authorisation failed" message, as expected. Counter-checks have been made with valid (test) credit card details. |
|
reopened as discussed with ML. For testting use Test number Card type 4005519200000004 Visa Test name Trigger Processor response code Insufficient funds CCREJECT-IF 5120 |