question

jms avatar image
jms asked ·

Ecommerce Payments Failing: "CVV does not match"

Hi. We use the iFrame integration to allow customers to make clover payments.

When trying to pay for an order with the /v1/orders/{orderId}/pay and the card source generated by the iFrame, we get the following error:

Request:

"{"amount":2666,"currency":"USD","source":"<IFRAME-CARD-TOKEN>","tip_amount":0}"

Response:

{"message":"402 Payment Required","error":{"code":"card_declined","message":"CVV does not match","charge":"<CHARGE-ID>","declineCode":"issuer_declined"}}

I have 3 questions regarding this scenario:

  1. Why does this fail at this point? We rely on Clover to generate the card tokens for us which we assume Clover validates before providing the tokenized card.
  2. Is there something wrong with our assumption of the above? Does the actual validation happen when executing the charge? Does tokenization simply store the details on Clover end without any validation? We are currently under the assumption that a tokenized card is a valid card.
  3. If so, what are the possible major errors that need to be handled in the /v1/orders/{orderId}/pay flow so that we can show meaningful error messages to the customer?

Thank you for your support.

e-commerce api
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

· Write an Answer
David Marginian avatar image
David Marginian answered ·

I have made an attempt to explain some of this in my comments here - https://community.clover.com/questions/30103/ecommerce-card-tokens-failing-cvv-is-not-provided.html?childToView=30264#comment-30264.

1) We do not validate the card when the card is tokenized. We DO validate it WHEN/IF you save the token on a customer record (COF - https://docs.clover.com/docs/ecommerce-saving-card).

2) Per 1, we do not validate the card when it is tokenized. By default, tokens are both SHORT lived (~10 minutes) and SINGLE use. If you want to use a token more than once and outside of the ~10 minute expiration period then you need to get the customer's consent and use COF.

3) The message coming back in the response is generally quite meaningful.

2 comments
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Hi @David. Thanks for the quick response.

Just to clarify, the PUT request to /v1/customers/{cloverCustomerId} will fail if the card data represented by the token is invalid?

0 Likes 0 ·

Yes, that is correct.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community