[freeside-devel] Patch to add CVV2 (Card Verification Value)
ivan at 420.am
ivan at 420.am
Fri Oct 24 12:34:40 PDT 2003
Okay... I make changes based on your patch to collect and store the CVV2
numbers, but delete them after the initial transaction. I modified the
Business::OnlinePayment usage to set the "recurring_transaction" flag
for subsequent transactions to the same card; at least Authorize.Net
uses this to waive the CVV2 requirement. Hopefully other gateways have
an equivalent flag that can be supported in their B:OP modules.
I also added CVV2 collection to the signup server.
--
_ivan
On Tue, Oct 14, 2003 at 08:49:29AM -0700, ivan at 420.am wrote:
> I'm not sure if I should accept this patch.
>
> Jeff pointed out that merchant agreements prohibit the storage of the
> CVV2 data after the transaction in which it was captured, such as
> storing it in this database for future recurring transactions.
>
> This presents a dilemma for merchants which do recurring transacitons,
> especially since gateways and merchant account providers seem to be
> pressing for CVV2 to get the best rates.
>
> Should we patch Freeside to only use the CVV2 numbers for initial
> signups, and just deal with the fact we can't store them for recurring
> transactions? Or should we have the option to store the CVV2 numbers
> anyway, stick on warning that the option may be in violation of merchant
> agreements, and be done with it?
>
> --
> _ivan
>
>
> On Sat, Oct 11, 2003 at 03:24:03PM -0400, Webmaster wrote:
> > I have attached a patch (diff -u) to add CVV2 (Card Verification Value) to
> > customer entry screen, and submit it to your card processor. This is
> > based on Fresside v1.4.1, using Apache::ASP. If I have missed anything,
> > please tell me.
> >
> > Database changes:
> > ALTER TABLE cust_main ADD paycvv VARCHAR(4);
> > ALTER TABLE h_cust_main ADD paycvv VARCHAR(4);
> >
> >
> > Brian
> > --- cust_bill.pm Sat Aug 23 02:46:58 2003
> > +++ /usr/lib/perl5/site_perl/5.6.1/FS/cust_bill.pm Fri Oct 10 19:53:04 2003
> > @@ -741,6 +741,7 @@
> > $content{card_number} = $cust_main->payinfo;
> > $cust_main->paydate =~ /^\d{2}(\d{2})[\/\-](\d+)[\/\-]\d+$/;
> > $content{expiration} = "$2/$1";
> > + $content{cvv2} = $cust_main->paycvv;
> > } elsif ( $method eq 'ECHECK' ) {
> > my($account_number,$routing_code) = $cust_main->payinfo;
> > ( $content{account_number}, $content{routing_code} ) =
> > --- cust_main.cgi Wed Jul 23 11:36:56 2003
> > +++ /usr/local/freeside/asp/edit/cust_main.cgi Fri Oct 10 18:03:27 2003
> > @@ -401,13 +401,14 @@
> > "</TABLE>",
> > &table("#cccccc"), "<TR>";
> >
> > - my($payinfo, $payname)=(
> > + my($payinfo, $payname, $paycvv)=(
> > $cust_main->payinfo,
> > $cust_main->payname,
> > + $cust_main->paycvv
> > );
> >
> > my %payby = (
> > - 'CARD' => qq!Credit card<BR>${r}<INPUT TYPE="text" NAME="CARD_payinfo" VALUE="" MAXLENGTH=19><BR>${r}Exp !. expselect("CARD"). qq!<BR>${r}Name on card<BR><INPUT TYPE="text" NAME="CARD_payname" VALUE="">!,
> > + 'CARD' => qq!Credit card<BR>${r}<INPUT TYPE="text" NAME="CARD_payinfo" VALUE="" MAXLENGTH=19><BR>${r}Exp !. expselect("CARD"). qq!<BR>${r}Name on card<BR><INPUT TYPE="text" NAME="CARD_payname" VALUE="">!. qq!<BR>Card Verification Value<BR><INPUT TYPE="text" NAME="CARD_paycvv" VALUE="">!,
> > 'CHEK' => qq!Electronic check<BR>${r}Account number <INPUT TYPE="text" NAME="CHEK_payinfo1" VALUE=""><BR>${r}ABA/Routing code <INPUT TYPE="text" NAME="CHEK_payinfo2" VALUE="" SIZE=10 MAXLENGTH=9><INPUT TYPE="hidden" NAME="CHEK_month" VALUE="12"><INPUT TYPE="hidden" NAME="CHEK_year" VALUE="2037"><BR>${r}Bank name <INPUT TYPE="text" NAME="CHEK_payname" VALUE="">!,
> > 'LECB' => qq!Phone bill billing<BR>${r}Phone number <INPUT TYPE="text" BANE="LECB_payinfo" VALUE="" MAXLENGTH=15 SIZE=16><INPUT TYPE="hidden" NAME="LECB_month" VALUE="12"><INPUT TYPE="hidden" NAME="LECB_year" VALUE="2037"><INPUT TYPE="hidden" NAME="LECB_payname" VALUE="">!,
> > 'BILL' => qq!Billing<BR>P.O. <INPUT TYPE="text" NAME="BILL_payinfo" VALUE=""><BR><INPUT TYPE="hidden" NAME="BILL_month" VALUE="12"><INPUT TYPE="hidden" NAME="BILL_year" VALUE="2037">Attention<BR><INPUT TYPE="text" NAME="BILL_payname" VALUE="">!,
> > @@ -417,7 +418,7 @@
> > my( $account, $aba ) = split('@', $payinfo);
> >
> > my %paybychecked = (
> > - 'CARD' => qq!Credit card<BR>${r}<INPUT TYPE="text" NAME="CARD_payinfo" VALUE="$payinfo" MAXLENGTH=19><BR>${r}Exp !. expselect("CARD", $cust_main->paydate). qq!<BR>${r}Name on card<BR><INPUT TYPE="text" NAME="CARD_payname" VALUE="$payname">!,
> > + 'CARD' => qq!Credit card<BR>${r}<INPUT TYPE="text" NAME="CARD_payinfo" VALUE="$payinfo" MAXLENGTH=19><BR>${r}Exp !. expselect("CARD", $cust_main->paydate). qq!<BR>${r}Name on card<BR><INPUT TYPE="text" NAME="CARD_payname" VALUE="$payname">!. qq!<BR>Card Verification Value<BR><INPUT TYPE="text" NAME="CARD_paycvv" VALUE="$paycvv">!,
> > 'CHEK' => qq!Electronic check<BR>${r}Account number <INPUT TYPE="text" NAME="CHEK_payinfo1" VALUE="$account"><BR>${r}ABA/Routing code <INPUT TYPE="text" NAME="CHEK_payinfo2" VALUE="$aba" SIZE=10 MAXLENGTH=9><INPUT TYPE="hidden" NAME="CHEK_month" VALUE="12"><INPUT TYPE="hidden" NAME="CHEK_year" VALUE="2037"><BR>${r}Bank name <INPUT TYPE="text" NAME="CHEK_payname" VALUE="$payname">!,
> > 'LECB' => qq!Phone bill billing<BR>${r}Phone number <INPUT TYPE="text" BANE="LECB_payinfo" VALUE="$payinfo" MAXLENGTH=15 SIZE=16><INPUT TYPE="hidden" NAME="LECB_month" VALUE="12"><INPUT TYPE="hidden" NAME="LECB_year" VALUE="2037"><INPUT TYPE="hidden" NAME="LECB_payname" VALUE="">!,
> > 'BILL' => qq!Billing<BR>P.O. <INPUT TYPE="text" NAME="BILL_payinfo" VALUE="$payinfo"><BR><INPUT TYPE="hidden" NAME="BILL_month" VALUE="12"><INPUT TYPE="hidden" NAME="BILL_year" VALUE="2037">Attention<BR><INPUT TYPE="text" NAME="BILL_payname" VALUE="$payname">!,
> > --- cust_main.pm Thu Jul 17 12:02:04 2003
> > +++ /usr/lib/perl5/site_perl/5.6.1/FS/cust_main.pm Sat Oct 11 02:16:45 2003
> > @@ -171,6 +171,8 @@
> >
> > =item payname - name on card or billing name
> >
> > +=item paycvv - Card Verification Value 3 or 4 digit number on the back of the credit card
> > +
> > =item tax - tax exempt, empty or `Y'
> >
> > =item otaker - order taker (assigned automatically, see L<FS::UID>)
> > @@ -476,7 +478,7 @@
> > }
> >
> > if ( $self->payby =~ /^(CARD|CHEK|LECB)$/ &&
> > - grep { $self->get($_) ne $old->get($_) } qw(payinfo paydate payname) ) {
> > + grep { $self->get($_) ne $old->get($_) } qw(payinfo paydate payname paycvv) ) {
> > # card/check/lec info has changed, want to retry realtime_ invoice events
> > my $error = $self->retry_realtime;
> > if ( $error ) {
> > @@ -564,6 +566,7 @@
> > || $self->ut_textn('state')
> > || $self->ut_country('country')
> > || $self->ut_anything('comments')
> > + || $self->ut_number('paycvv')
> > || $self->ut_numbern('referral_custnum')
> > ;
> > #barf. need message catalogs. i18n. etc.
> > @@ -752,7 +755,7 @@
> > $self->tax($1);
> >
> > $self->otaker(getotaker);
> > -
> > + $self->paycvv($self->paycvv);
> > #warn "AFTER: \n". $self->_dump;
> >
> > ''; #no error
> > --- process/cust_main.cgi Wed Jul 23 11:36:56 2003
> > +++ /usr/local/freeside/asp/edit/process/cust_main.cgi Sat Oct 11 02:12:11 2003
> > @@ -19,6 +19,7 @@
> > $cgi->param('paydate',
> > $cgi->param( $payby. '_month' ). '-'. $cgi->param( $payby. '_year' ) );
> > $cgi->param('payname', $cgi->param( $payby. '_payname' ) );
> > + $cgi->param('paycvv', $cgi->param( $payby. '_paycvv' ) );
> > }
> >
> > $cgi->param('otaker', &getotaker );
> > --- freeside-setup Fri Jun 13 22:02:25 2003
> > +++ freeside-setup Sat Oct 11 15:20:41 2003
> > @@ -494,6 +494,7 @@
> > 'ship_fax', 'varchar', 'NULL', 12,
> > 'payby', 'char', '', 4,
> > 'payinfo', 'varchar', 'NULL', $char_d,
> > + 'paycvv', 'varchar', 'NULL', 4,
> > #'paydate', @date_type,
> > 'paydate', 'varchar', 'NULL', 10,
> > 'payname', 'varchar', 'NULL', $char_d,
>
> --
> _ivan
--
_ivan
More information about the freeside-devel
mailing list