-
Notifications
You must be signed in to change notification settings - Fork 78
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DropIn UI 3D Secure while add card to vault #376
Comments
second thing: What amount we should fill into 3DS request, when we just want to add card to Braintree, but not process any payment? The amount looks required, but in almost same question in stackoverflow without any response: https://stackoverflow.com/q/72950709/4024146 |
Next respose from your Support team:
Just respond, that No, this is not helpful (as all previous communication with your support team). Because when we send Step 1: is FE (android) thing. So yes I've created 3DS request (try with amount set to 1 too), but it's not propagated to you backend from SDK! As I described above, the request contains only Card number, expiration date and CVC code, no info from 3DS, so you have no way how to properly validate 3DS on your side... All 3DS data are ignored, same as Step 2: it's a BE side (in app we are not directly connected to gateway, we can't call customer.create() or |
@mtrakal thanks for your patience and for using the Braintree SDK for Android. I see your concern. To confirm, if we forward the Also does this occur on iOS as well, or is your app exclusive to the Android platform? |
Hi @sshropshire I have no idea, if it will be enough, because I never pass to validate some Credit card on Android app still. So I have no idea what's required by bank / by Braintree to properly validate and add card to vault manager. Same issue on iOS what I remember, but we try to solve with your support team this issue months, so not sure about iOS now, it's too long time from beginning until I started escalate it here. But if you look on request from first post, there is no info from 3DS, not only shipping address. It send only card data and no 3DS data (email, phone, additional info, etc). |
Hi, @sshropshire any news on this issue? Can you escalate it, please? We still have issues with credit cards. |
Hi @mtrakal it's difficult to determine the proper API for this scenario. My gut says to forward the |
Hi @sshropshire it's being bigger issue now, because Czech biggest bank ČSOB implemented 3DS for debit cards too, so it's not now just about credit cards, but for debit cards too. And other banks will be following: according to EU regulations this is required for all banks / cards. It happens for us on Android, iOS and Web too. For now "just" for this one ČSOB bank, because they are the first who implemented 3DS for vaulting any card. On second side it's a biggest bank with most of our users and it start be a huge issue for us because they are not able pass through payment (not able to use our service, which impacting us as company/our business). And will start impacting other companies in EU which uses vaulting card. |
@mtrakal if it's happening on all platforms we may need you to contact support for additional help. This helps us prioritize and get the right stakeholders involved internally. I'm aware of the issue so I'll keep an eye out, but it sounds like we may need to coordinate a cross platform fix in this case and I want to make sure we get it right the first time. |
for internal tracking, issue 4425 |
The hell, we contacted your support team 5 months ago maybe more! With some stupid responses copied from documentation as I described at beginning of this issue. We escalated it every few weeks with no luck in a solution. After a long time without no luck with your support team I created this issue and hope for some answer here :). Which definetelly work much better than support team 👍 🥇 . I finally have Debit card from ČSOB (before we got just data from customers) and we had an only Credit card... So I can provide data from API communication (but it looks, that I'm not able to decrypt responses anymore on latest Braintree SDK). So I have just requests (will try on another developer device later with decrypting https etc...). It looks almost same as for Credit card. Code DropInRequest created in our code:
Request send from Braintree SDK to Braintree API: {
"clientSdkMetadata": {
"platform": "android",
"sessionId": "b5468b4804d941cfa60429344c228831",
"source": "form",
"integration": "custom"
},
"query": "mutation TokenizeCreditCard($input: TokenizeCreditCardInput!) { tokenizeCreditCard(input: $input) { token creditCard { bin brand expirationMonth expirationYear cardholderName last4 binData { prepaid healthcare debit durbinRegulated commercial payroll issuingBank countryOfIssuance productId } } }}",
"operationName": "TokenizeCreditCard",
"variables": {
"input": {
"options": {
"validate": true
},
"creditCard": {
"number": "51683421********",
"expirationMonth": "**",
"expirationYear": "**",
"cvv": "***"
}
}
}
} Sorry, but your SDK not allow create screenshot even in debug mode 🤷♂️ I'm 100% sure, that provided data are correct, valid and work for online payment on other places / apps / stores. The issue is, that we need to add to Vault before crete payment and it's not allowed because there is not shown 3DS dialog to verify card. As you can see, all data provided in DropInRequest are forgotten/lost/not provided to API. So API/Bankend is not able to verify 3DS / owner etc. |
@sshropshire But still it's a bug and issue, because one switch in admin tool should not break payments for valid cards... Info from some of our user from his Bank: Payment was not verified due to using deprecated validation/verification of payment card (withdrawal 1 CZK) which is not supported anymore / deprecated - some old/unencpryted protocol or something like that. |
@mtrakal thanks for your patience. We're looking into this further and we'll report back when we have more information. |
This workaround wouldn't work in case your scenario involves a free trial period, when you as a merchant first try to capture user's payment method for future use, and after the free trial period when customer is not present anymore and cannot pass the 3DS step you try to charge the card automatically. The same bug presents in the web sdk as well. There is just no way to verify a new credit card before it's stored to a vault :/ We've been having this issue with multiple European banks for some time already, they are giving the 2099 in response of trying to store the unverified card. Customers are just not able to use the cards from those banks. |
We are experiencing a similar, if not the same issue. The issue is that with card verification enabled, the drop-in UI fails to complete its tokenization step with some European bank cards. After discussing with Braintree support, the problem appears to be that the Drop-in UI is attempting card verification without 3DS. So, we are not sure how to do 3DS before drop-in UI starts doing its card verification. Are there any intentions of adding "Card verification with 3DS" feature to the web drop-in UI? |
General information
Response from your Support team:
Issue description
Try to create a payment using a Credit card. We need to store card to Vault manager with 3D Secure validation due to Eurepean regulation and PSD2.
Create a request with 3D Secure for request a cardholder challenge using:
isChallengeRequested
/isCardAddChallengeRequested
is not possible, we try it with:The issue is, that while adding card in DropIn UI
threeDSecureRequest
fromdropInRequest
is ignored and user address/additional info are not sent with card to card issuer / bank. So the card is not possible to verify in that case.Request which is send from DropIn UI SDK to Braintree API:
Missing validation info from
threeDSecureRequest
, in that case is not appliedisChallengeRequested
/isCardAddChallengeRequested
to request as you can see from request, only card info is sent.Response to this request is:
Because Bank Issuer can't validate Credit card without address, etc it return 2099 error. Your API return misunderstood error about wrong CVC. But CVC is correct, same as card number and expiration date.
Current state:
Credit or Debit Card
is available, that's ok)Credit or Debit Card
Card details
Expected state
Credit or Debit Card
is available, that's ok)Credit or Debit Card
Card details
The text was updated successfully, but these errors were encountered: