[freeside-devel] Patch to add CVV2 (Card Verification Value)
ivan at 420.am
ivan at 420.am
Tue Oct 14 08:49:31 PDT 2003
I'm not sure if I should accept this patch.
Jeff pointed out that merchant agreements prohibit the storage of the
CVV2 data after the transaction in which it was captured, such as
storing it in this database for future recurring transactions.
This presents a dilemma for merchants which do recurring transacitons,
especially since gateways and merchant account providers seem to be
pressing for CVV2 to get the best rates.
Should we patch Freeside to only use the CVV2 numbers for initial
signups, and just deal with the fact we can't store them for recurring
transactions? Or should we have the option to store the CVV2 numbers
anyway, stick on warning that the option may be in violation of merchant
agreements, and be done with it?
--
_ivan
On Sat, Oct 11, 2003 at 03:24:03PM -0400, Webmaster wrote:
> I have attached a patch (diff -u) to add CVV2 (Card Verification Value) to
> customer entry screen, and submit it to your card processor. This is
> based on Fresside v1.4.1, using Apache::ASP. If I have missed anything,
> please tell me.
>
> Database changes:
> ALTER TABLE cust_main ADD paycvv VARCHAR(4);
> ALTER TABLE h_cust_main ADD paycvv VARCHAR(4);
>
>
> Brian
> --- cust_bill.pm Sat Aug 23 02:46:58 2003
> +++ /usr/lib/perl5/site_perl/5.6.1/FS/cust_bill.pm Fri Oct 10 19:53:04 2003
> @@ -741,6 +741,7 @@
> $content{card_number} = $cust_main->payinfo;
> $cust_main->paydate =~ /^\d{2}(\d{2})[\/\-](\d+)[\/\-]\d+$/;
> $content{expiration} = "$2/$1";
> + $content{cvv2} = $cust_main->paycvv;
> } elsif ( $method eq 'ECHECK' ) {
> my($account_number,$routing_code) = $cust_main->payinfo;
> ( $content{account_number}, $content{routing_code} ) =
> --- cust_main.cgi Wed Jul 23 11:36:56 2003
> +++ /usr/local/freeside/asp/edit/cust_main.cgi Fri Oct 10 18:03:27 2003
> @@ -401,13 +401,14 @@
> "</TABLE>",
> &table("#cccccc"), "<TR>";
>
> - my($payinfo, $payname)=(
> + my($payinfo, $payname, $paycvv)=(
> $cust_main->payinfo,
> $cust_main->payname,
> + $cust_main->paycvv
> );
>
> my %payby = (
> - 'CARD' => qq!Credit card<BR>${r}<INPUT TYPE="text" NAME="CARD_payinfo" VALUE="" MAXLENGTH=19><BR>${r}Exp !. expselect("CARD"). qq!<BR>${r}Name on card<BR><INPUT TYPE="text" NAME="CARD_payname" VALUE="">!,
> + 'CARD' => qq!Credit card<BR>${r}<INPUT TYPE="text" NAME="CARD_payinfo" VALUE="" MAXLENGTH=19><BR>${r}Exp !. expselect("CARD"). qq!<BR>${r}Name on card<BR><INPUT TYPE="text" NAME="CARD_payname" VALUE="">!. qq!<BR>Card Verification Value<BR><INPUT TYPE="text" NAME="CARD_paycvv" VALUE="">!,
> 'CHEK' => qq!Electronic check<BR>${r}Account number <INPUT TYPE="text" NAME="CHEK_payinfo1" VALUE=""><BR>${r}ABA/Routing code <INPUT TYPE="text" NAME="CHEK_payinfo2" VALUE="" SIZE=10 MAXLENGTH=9><INPUT TYPE="hidden" NAME="CHEK_month" VALUE="12"><INPUT TYPE="hidden" NAME="CHEK_year" VALUE="2037"><BR>${r}Bank name <INPUT TYPE="text" NAME="CHEK_payname" VALUE="">!,
> 'LECB' => qq!Phone bill billing<BR>${r}Phone number <INPUT TYPE="text" BANE="LECB_payinfo" VALUE="" MAXLENGTH=15 SIZE=16><INPUT TYPE="hidden" NAME="LECB_month" VALUE="12"><INPUT TYPE="hidden" NAME="LECB_year" VALUE="2037"><INPUT TYPE="hidden" NAME="LECB_payname" VALUE="">!,
> 'BILL' => qq!Billing<BR>P.O. <INPUT TYPE="text" NAME="BILL_payinfo" VALUE=""><BR><INPUT TYPE="hidden" NAME="BILL_month" VALUE="12"><INPUT TYPE="hidden" NAME="BILL_year" VALUE="2037">Attention<BR><INPUT TYPE="text" NAME="BILL_payname" VALUE="">!,
> @@ -417,7 +418,7 @@
> my( $account, $aba ) = split('@', $payinfo);
>
> my %paybychecked = (
> - 'CARD' => qq!Credit card<BR>${r}<INPUT TYPE="text" NAME="CARD_payinfo" VALUE="$payinfo" MAXLENGTH=19><BR>${r}Exp !. expselect("CARD", $cust_main->paydate). qq!<BR>${r}Name on card<BR><INPUT TYPE="text" NAME="CARD_payname" VALUE="$payname">!,
> + 'CARD' => qq!Credit card<BR>${r}<INPUT TYPE="text" NAME="CARD_payinfo" VALUE="$payinfo" MAXLENGTH=19><BR>${r}Exp !. expselect("CARD", $cust_main->paydate). qq!<BR>${r}Name on card<BR><INPUT TYPE="text" NAME="CARD_payname" VALUE="$payname">!. qq!<BR>Card Verification Value<BR><INPUT TYPE="text" NAME="CARD_paycvv" VALUE="$paycvv">!,
> 'CHEK' => qq!Electronic check<BR>${r}Account number <INPUT TYPE="text" NAME="CHEK_payinfo1" VALUE="$account"><BR>${r}ABA/Routing code <INPUT TYPE="text" NAME="CHEK_payinfo2" VALUE="$aba" SIZE=10 MAXLENGTH=9><INPUT TYPE="hidden" NAME="CHEK_month" VALUE="12"><INPUT TYPE="hidden" NAME="CHEK_year" VALUE="2037"><BR>${r}Bank name <INPUT TYPE="text" NAME="CHEK_payname" VALUE="$payname">!,
> 'LECB' => qq!Phone bill billing<BR>${r}Phone number <INPUT TYPE="text" BANE="LECB_payinfo" VALUE="$payinfo" MAXLENGTH=15 SIZE=16><INPUT TYPE="hidden" NAME="LECB_month" VALUE="12"><INPUT TYPE="hidden" NAME="LECB_year" VALUE="2037"><INPUT TYPE="hidden" NAME="LECB_payname" VALUE="">!,
> 'BILL' => qq!Billing<BR>P.O. <INPUT TYPE="text" NAME="BILL_payinfo" VALUE="$payinfo"><BR><INPUT TYPE="hidden" NAME="BILL_month" VALUE="12"><INPUT TYPE="hidden" NAME="BILL_year" VALUE="2037">Attention<BR><INPUT TYPE="text" NAME="BILL_payname" VALUE="$payname">!,
> --- cust_main.pm Thu Jul 17 12:02:04 2003
> +++ /usr/lib/perl5/site_perl/5.6.1/FS/cust_main.pm Sat Oct 11 02:16:45 2003
> @@ -171,6 +171,8 @@
>
> =item payname - name on card or billing name
>
> +=item paycvv - Card Verification Value 3 or 4 digit number on the back of the credit card
> +
> =item tax - tax exempt, empty or `Y'
>
> =item otaker - order taker (assigned automatically, see L<FS::UID>)
> @@ -476,7 +478,7 @@
> }
>
> if ( $self->payby =~ /^(CARD|CHEK|LECB)$/ &&
> - grep { $self->get($_) ne $old->get($_) } qw(payinfo paydate payname) ) {
> + grep { $self->get($_) ne $old->get($_) } qw(payinfo paydate payname paycvv) ) {
> # card/check/lec info has changed, want to retry realtime_ invoice events
> my $error = $self->retry_realtime;
> if ( $error ) {
> @@ -564,6 +566,7 @@
> || $self->ut_textn('state')
> || $self->ut_country('country')
> || $self->ut_anything('comments')
> + || $self->ut_number('paycvv')
> || $self->ut_numbern('referral_custnum')
> ;
> #barf. need message catalogs. i18n. etc.
> @@ -752,7 +755,7 @@
> $self->tax($1);
>
> $self->otaker(getotaker);
> -
> + $self->paycvv($self->paycvv);
> #warn "AFTER: \n". $self->_dump;
>
> ''; #no error
> --- process/cust_main.cgi Wed Jul 23 11:36:56 2003
> +++ /usr/local/freeside/asp/edit/process/cust_main.cgi Sat Oct 11 02:12:11 2003
> @@ -19,6 +19,7 @@
> $cgi->param('paydate',
> $cgi->param( $payby. '_month' ). '-'. $cgi->param( $payby. '_year' ) );
> $cgi->param('payname', $cgi->param( $payby. '_payname' ) );
> + $cgi->param('paycvv', $cgi->param( $payby. '_paycvv' ) );
> }
>
> $cgi->param('otaker', &getotaker );
> --- freeside-setup Fri Jun 13 22:02:25 2003
> +++ freeside-setup Sat Oct 11 15:20:41 2003
> @@ -494,6 +494,7 @@
> 'ship_fax', 'varchar', 'NULL', 12,
> 'payby', 'char', '', 4,
> 'payinfo', 'varchar', 'NULL', $char_d,
> + 'paycvv', 'varchar', 'NULL', 4,
> #'paydate', @date_type,
> 'paydate', 'varchar', 'NULL', 10,
> 'payname', 'varchar', 'NULL', $char_d,
--
_ivan
More information about the freeside-devel
mailing list