We're using the hosted iframe to generate a card token, and then saving the token as a card-on-file using the REST API on the backend. We're noticing an odd error when all the card details are correct aside from the expiry date being incorrect (but still a valid future date) for that card. In this case, the iframe token is generated successfully, but when it is saved as a card-on-file by creating a customer record on the /v1/customers endpoint on our backend, the eCommerce API returns an error message like "Token verification failed for token clv_xxx" with the code set to "invalid_cvc".
According to the Clover docs, "invalid_cvc" is returned if "The card.cvv provided is not a three- or four-digit value". Clearly that isn't the case here. The CVC/CVV is correct, but only the expiry date is wrong, e.g. if the correct expiry date is "06/26", entering "06/25" will generate an error with the "invalid_cvc" code.
Is this a bug, or just a confusing response?