Intentional misinformation in credit card field

Gravity Support Forums » Plugin Support » Gravity Forms PayPal Add-On

pshot
Member

first thanks rob with priority support ...my form is working now.

So I had built a test form which had a corrupt product field making the form not submit to paypal.........yet showed payment status as APPROVED

I rebuilt this form completely from scratch ...and feel as though it is at the stage now where our association could take it live.

So I tested this new form again (LIVE ) using $1.00 as the cost for registration.

I intentionally filled out the credit card fields wrong...and after hitting submit the form refreshed saying that the form was missing required information ( I also did not confirm my email as part of the form requests ) .....excellent ,as I expected to see...all working good so far.

there were 2 errors showing...
(1) the missing email confirmation ( this was expected ...as Im testing the form)

I added the email confirmation ....and hit submit again....failed again ....again ...this was as expected ....I haven't fixed the credit card fields.....again excellent ,all working as intended so far.

So i fixed the credit card fields (expiry date of credit card )..........but left the security code field with the INCORRECT INFORMATION ......( all other information is now correct )
I expect the form submitIon and payment to FAIL

It didnt fail.......im like WTF ...I just blew another buck doing a volunteer job LOL

So

This I see as a problem,actually could be a huge problem...unless this is as intended.....but I doubt that is as intended.

The form submits,I receive my thank you email,an entry is submitted to the form.......and paypal shows payment.

ummmmmm how can this be....the security code I entered was COMPLETELY INCORRECT ..............

Am I going to see the payment reversed from the credit card company...or paypal ....and have a logistical nightmare with 800 members.

I jumped through a bunch of hoops to upgrade our paypal account from standard to pro ...as we cannot have form submissions with out payment....at least in this case we got paid......but what are the implications,with the security code.
Paypal and merchant account noob here .

Thanks for any direction

Posted 11 years ago on Thursday December 6, 2012 | Permalink
pshot
Member

Just want to add that in the paypal transaction details for this test purchase it states the below....
and........
If I assume that the "U" beside Address verification Service,means Unverified.....and that the N beside (CSC) means "NO"......would I be correct ?......if so I guess paypal doesnt care about the card security code....

Payment Type:
Website Payments Pro API Solution
Surcharges:
Not Applicable
Card Type:
Visa
Address Verification Service (AVS):
U
Card Security Code (CSC):
N

Posted 11 years ago on Thursday December 6, 2012 | Permalink
Chris Hajer
Key Master

You can choose to ignore the CVV2/CSC in the PayPal fraud settings. Go to Profile > Payment Receiving Profile > Allow my risk controls to overide. Then click "Risk Control" and there is an option to allow mismatched CSC. Is it possible that is already set on this PayPal account?

Here is an explanation of the response codes for AVS and CVV2:
https://www.x.com/developers/paypal/documentation-tools/api/AVSResponseCodes

Posted 11 years ago on Friday December 7, 2012 | Permalink
pshot
Member

ok excellent.......it probably is set to allow then

I find paypal....in all honesty a complete mess in the backend...link upon link lots of irrelevant stuff to wade through.....a pretty messy website if you ask me.

This paypal merchant account noob just learned something ...thanks

Posted 11 years ago on Friday December 7, 2012 | Permalink
Chris Hajer
Key Master

If you find out otherwise, please let us know. Good luck.

Posted 11 years ago on Friday December 7, 2012 | Permalink