Moneris server side validation for credit card field is not working
complete
Jason Adams
complete
I'm happy to report that this has been resolved in Give Moneris 1.1.0!
Devin Walker
I wanted to provide a quick update to the progress on this: https://www.loom.com/share/1100730f715c4047bc822fa170423279
We're mostly through the development phase and now getting into the testing phase. If you're willing to help test or have any questions please let me know!
P
Phoenix Wise Solutions
Devin Walker: Hi Devin, sorry miss your email in the earlier time. Yes, if you need us to do any testing, please feel free to let us know, thank you.
P
Phoenix Wise Solutions
Hi Devin, I am sorry for bugging you so many times. Our clients called me today and complained that they still receive lots of failed transactions with invalid CVV code even the Google reCaptcha v2 applied to the donation form. In total 34392 failed transactions due to this bug. Our client more like sitting on the pins right now. Would you mind let me know what is the progress on this? Thank you, much appreciate your help.
P
Phoenix Wise Solutions
Devin Walker: Hi Devin, have any updates on the fix? Thank you.
Devin Walker
Phoenix Wise Solutions: I just sent you an email with the beta version. Please check the email, it should be coming from WeTransfer.com because I can't send zips through gmail.
P
Phoenix Wise Solutions
Devin Walker: Thank you Devin, we got the zip file. We are uploading the 1.0.3 version to the website, checking up the donation traction in the next few days. Much appreciate your help, keep you posted.
P
Phoenix Wise Solutions
Devin Walker: Hi Devin, would you mind I ask one more question, after the beta version applied, will it send the CVV code along with other payment information to Moneris? Thank you.
Devin Walker
Phoenix Wise Solutions: You may just want to try a $1.00 donation to be sure it's working as expected for basic donations before leaving it live on the site. To answer your question, you wouldn't see the actual CVV code in your Order History because that's a security issue and the gateway doesn't allow that. You should however see the "CVD Result" eFraud as performed and the hidden card number as seen in the attached screenshot.
P
Phoenix Wise Solutions
Devin Walker: Hi Devin, thank you for getting back to me. It shows AVS / CVD check was not performed on your screenshot, will it show different result lets say " credit card valid" on the live website?
Devin Walker
Phoenix Wise Solutions: Yeah it should. I just grabbed that screenshot from a random test transaction. Let me know if it _does_ or _doesn't_ display that in your testing!
P
Phoenix Wise Solutions
Devin Walker: Thanks Devin. We are duplicating the website and putting it on a staging server. Test the demo version from there. Keep you posted.
P
Phoenix Wise Solutions
Devin Walker: Hi Devin, sorry for bugging you on the weekend, we have tried the Moneris.1.0.3-beta on both staging and production website, none of them do the proper CVV code verification.
You can duplicate the CVV validation issue on our website with the Moneris.1.0.3-beta:
We tested it with our credit card with random CVV code liked 123, it passed through the validation and tell me Payment Complete on both frontend and backend. The 1.0.3 beta still not validate the CVV code.
Please let me know if there is any I might have missed, really need your help to solve this issue, much appreciate it.
Best regards,
Lawrence
Devin Walker
Phoenix Wise Solutions: Yikes! It should be validating but I just want to make sure you enabled the new option under the gateway settings:
P
Phoenix Wise Solutions
Devin Walker: Hi Devin, I just checked, the CVD validation option is Enable all the time, but still remain the same issue.
If you need the website backend login info, plz let me know your email, I can send you the info.
Devin Walker
Phoenix Wise Solutions: Sure it's [[redacted]]
P
Phoenix Wise Solutions
Devin Walker: Backend info sent to your email, plz let me know if you need any further info, thank you.
Devin Walker
in progress
We're actively developing a fix for this. I'll post updates as it progresses but I believe this should be a relatively quick fix.
Devin Walker
planned
P
Phoenix Wise Solutions
Devin Walker: Hi Devin and Ben, this is Lawrence from Phoenix Wise Canada.
We just receive phone calls from our client that complaint they got hit again by the card tester used the credit cards with fake cvv code on their website, Moneris contact my client and issue the warning on these large amounts of unverified transactions.
Would you mind check up with your team? It is more than a month since we reported this critical issue on the Moneris plugin, it turns the whole GiveWP and donation feature useless. Can you please solve this issue asap?
Much appreciate every effort you have put into this, please let me know if you have any updates, thank you.
Best,
Lawrence
Devin Walker
Phoenix Wise Solutions: Thanks for your patience. We're putting a development focus on this now and will have a fix in place soon.
Ben Meredith
under review
Our team will take a look at this. The workaround currently is to manually mark donations as failed on GiveWP's side, and alert donors.
P
Phoenix Wise Solutions
Ben Meredith: Hi Ben, this is Lawrence from Phoenix Wise Canada. We reported this Moneris gateway bug last month and it really makes the GiveWP donation form useless.
The workaround is not working well in our scenario because we found this Moneris gateway bug in our testing by using the fake CVV code, in the real world we don't even know the donors and we are not the authority to verify donor's credit card information, there is no chance we can identify the credit card information the people put in the donation form. With having this Moneris gateway bug, Moneris rejects the transactions without proper CVV verification from GiveWP form. Please kindly check in with your developer and have this significant secure bug resolved.
Please let me know if you have any updates.
Best regards,
Lawrence
Project Manager
Phoenix Wise Solutions