[freeside-devel] Patch to add CVV2 (Card Verification Value)
ivan at 420.am
ivan at 420.am
Fri Oct 24 12:47:48 PDT 2003
On Fri, Oct 24, 2003 at 03:43:03PM -0400, Webmaster wrote:
> Good idea, didn't see that recurring_transaction option.
It appears to only be supported in B:OP:AuthorizeNet at the moment, but
as other gateways start to require CVV, I expect they will have similar
flags that can be used.
> Also, I found
> and error in my patch, in cust_main.pm, the line:
> > > + || $self->ut_number('paycvv')
> is incorrect, it makes it required all the time :( oops...
No worries; I didn't use that part of the patch. I allowed for no CVV
value entered, and when one was, explicitly required 4 digits for Amex
and 3 digits for everything else.
--
_ivan
>
> sorry about that.
>
> Brian
>
>
> > Okay... I make changes based on your patch to collect and store the CVV2
> numbers, but delete them after the initial transaction. I modified the
> Business::OnlinePayment usage to set the "recurring_transaction" flag
> for subsequent transactions to the same card; at least Authorize.Net
> uses this to waive the CVV2 requirement. Hopefully other gateways have
> an equivalent flag that can be supported in their B:OP modules.
> >
> > I also added CVV2 collection to the signup server.
> >
> > --
> > _ivan
> >
> >
> > On Tue, Oct 14, 2003 at 08:49:29AM -0700, ivan at 420.am wrote:
> >> I'm not sure if I should accept this patch.
> >> Jeff pointed out that merchant agreements prohibit the storage of the
> CVV2 data after the transaction in which it was captured, such as
> storing it in this database for future recurring transactions.
> >> This presents a dilemma for merchants which do recurring transacitons,
> especially since gateways and merchant account providers seem to be
> pressing for CVV2 to get the best rates.
> >> Should we patch Freeside to only use the CVV2 numbers for initial
> signups, and just deal with the fact we can't store them for recurring
> transactions? Or should we have the option to store the CVV2 numbers
> anyway, stick on warning that the option may be in violation of
> merchant
> >> agreements, and be done with it?
> >> --
> >> _ivan
> >> On Sat, Oct 11, 2003 at 03:24:03PM -0400, Webmaster wrote:
> >> > I have attached a patch (diff -u) to add CVV2 (Card Verification
> >> Value) to
> >> > customer entry screen, and submit it to your card processor. This is
> based on Fresside v1.4.1, using Apache::ASP. If I have missed
> >> anything,
> >> > please tell me.
> >> >
> >> > Database changes:
> >> > ALTER TABLE cust_main ADD paycvv VARCHAR(4);
> >> > ALTER TABLE h_cust_main ADD paycvv VARCHAR(4);
> >> >
> >> >
> >> > Brian
> >> > --- cust_bill.pm Sat Aug 23 02:46:58 2003
> >> > +++ /usr/lib/perl5/site_perl/5.6.1/FS/cust_bill.pm Fri Oct 10
> >> 19:53:04 2003
> >> > @@ -741,6 +741,7 @@
> >> > $content{card_number} = $cust_main->payinfo;
> >> > $cust_main->paydate =~ /^\d{2}(\d{2})[\/\-](\d+)[\/\-]\d+$/;
> $content{expiration} = "$2/$1";
> >> > + $content{cvv2} = $cust_main->paycvv;
> >> > } elsif ( $method eq 'ECHECK' ) {
> >> > my($account_number,$routing_code) = $cust_main->payinfo; (
> $content{account_number}, $content{routing_code} ) =
> >> > --- cust_main.cgi Wed Jul 23 11:36:56 2003
> >> > +++ /usr/local/freeside/asp/edit/cust_main.cgi Fri Oct 10 18:03:27
> >> 2003
> >> > @@ -401,13 +401,14 @@
> >> > "</TABLE>",
> >> > &table("#cccccc"), "<TR>";
> >> >
> >> > - my($payinfo, $payname)=(
> >> > + my($payinfo, $payname, $paycvv)=(
> >> > $cust_main->payinfo,
> >> > $cust_main->payname,
> >> > + $cust_main->paycvv
> >> > );
> >> >
> >> > my %payby = (
> >> > - 'CARD' => qq!Credit card<BR>${r}<INPUT TYPE="text"
> >> NAME="CARD_payinfo" VALUE="" MAXLENGTH=19><BR>${r}Exp !.
> >> expselect("CARD"). qq!<BR>${r}Name on card<BR><INPUT TYPE="text"
> NAME="CARD_payname" VALUE="">!,
> >> > + 'CARD' => qq!Credit card<BR>${r}<INPUT TYPE="text"
> >> NAME="CARD_payinfo" VALUE="" MAXLENGTH=19><BR>${r}Exp !.
> >> expselect("CARD"). qq!<BR>${r}Name on card<BR><INPUT TYPE="text"
> NAME="CARD_payname" VALUE="">!. qq!<BR>Card Verification
> >> Value<BR><INPUT TYPE="text" NAME="CARD_paycvv" VALUE="">!,
> >> > 'CHEK' => qq!Electronic check<BR>${r}Account number <INPUT
> >> TYPE="text" NAME="CHEK_payinfo1" VALUE=""><BR>${r}ABA/Routing
> >> code <INPUT TYPE="text" NAME="CHEK_payinfo2" VALUE="" SIZE=10
> >> MAXLENGTH=9><INPUT TYPE="hidden" NAME="CHEK_month"
> >> VALUE="12"><INPUT TYPE="hidden" NAME="CHEK_year"
> >> VALUE="2037"><BR>${r}Bank name <INPUT TYPE="text"
> >> NAME="CHEK_payname" VALUE="">!,
> >> > 'LECB' => qq!Phone bill billing<BR>${r}Phone number <INPUT
> >> TYPE="text" BANE="LECB_payinfo" VALUE="" MAXLENGTH=15
> >> SIZE=16><INPUT TYPE="hidden" NAME="LECB_month" VALUE="12"><INPUT
> TYPE="hidden" NAME="LECB_year" VALUE="2037"><INPUT TYPE="hidden"
> NAME="LECB_payname" VALUE="">!,
> >> > 'BILL' => qq!Billing<BR>P.O. <INPUT TYPE="text"
> >> NAME="BILL_payinfo" VALUE=""><BR><INPUT TYPE="hidden"
> >> NAME="BILL_month" VALUE="12"><INPUT TYPE="hidden"
> >> NAME="BILL_year" VALUE="2037">Attention<BR><INPUT TYPE="text"
> >> NAME="BILL_payname" VALUE="">!,
> >> > @@ -417,7 +418,7 @@
> >> > my( $account, $aba ) = split('@', $payinfo);
> >> >
> >> > my %paybychecked = (
> >> > - 'CARD' => qq!Credit card<BR>${r}<INPUT TYPE="text"
> >> NAME="CARD_payinfo" VALUE="$payinfo" MAXLENGTH=19><BR>${r}Exp !.
> expselect("CARD", $cust_main->paydate). qq!<BR>${r}Name on
> >> card<BR><INPUT TYPE="text" NAME="CARD_payname" VALUE="$payname">!,
> >> > + 'CARD' => qq!Credit card<BR>${r}<INPUT TYPE="text"
> >> NAME="CARD_payinfo" VALUE="$payinfo" MAXLENGTH=19><BR>${r}Exp !.
> expselect("CARD", $cust_main->paydate). qq!<BR>${r}Name on
> >> card<BR><INPUT TYPE="text" NAME="CARD_payname" VALUE="$payname">!.
> qq!<BR>Card Verification Value<BR><INPUT TYPE="text"
> >> NAME="CARD_paycvv" VALUE="$paycvv">!,
> >> > 'CHEK' => qq!Electronic check<BR>${r}Account number <INPUT
> >> TYPE="text" NAME="CHEK_payinfo1"
> >> VALUE="$account"><BR>${r}ABA/Routing code <INPUT TYPE="text"
> >> NAME="CHEK_payinfo2" VALUE="$aba" SIZE=10 MAXLENGTH=9><INPUT
> >> TYPE="hidden" NAME="CHEK_month" VALUE="12"><INPUT TYPE="hidden"
> NAME="CHEK_year" VALUE="2037"><BR>${r}Bank name <INPUT
> >> TYPE="text" NAME="CHEK_payname" VALUE="$payname">!,
> >> > 'LECB' => qq!Phone bill billing<BR>${r}Phone number <INPUT
> >> TYPE="text" BANE="LECB_payinfo" VALUE="$payinfo" MAXLENGTH=15
> >> SIZE=16><INPUT TYPE="hidden" NAME="LECB_month" VALUE="12"><INPUT
> TYPE="hidden" NAME="LECB_year" VALUE="2037"><INPUT TYPE="hidden"
> NAME="LECB_payname" VALUE="">!,
> >> > 'BILL' => qq!Billing<BR>P.O. <INPUT TYPE="text"
> >> NAME="BILL_payinfo" VALUE="$payinfo"><BR><INPUT TYPE="hidden"
> >> NAME="BILL_month" VALUE="12"><INPUT TYPE="hidden"
> >> NAME="BILL_year" VALUE="2037">Attention<BR><INPUT TYPE="text"
> >> NAME="BILL_payname" VALUE="$payname">!,
> >> > --- cust_main.pm Thu Jul 17 12:02:04 2003
> >> > +++ /usr/lib/perl5/site_perl/5.6.1/FS/cust_main.pm Sat Oct 11
> >> 02:16:45 2003
> >> > @@ -171,6 +171,8 @@
> >> >
> >> > =item payname - name on card or billing name
> >> >
> >> > +=item paycvv - Card Verification Value 3 or 4 digit number on the
> >> back of the credit card
> >> > +
> >> > =item tax - tax exempt, empty or `Y'
> >> >
> >> > =item otaker - order taker (assigned automatically, see L<FS::UID>)
> >> > @@ -476,7 +478,7 @@
> >> > }
> >> >
> >> > if ( $self->payby =~ /^(CARD|CHEK|LECB)$/ &&
> >> > - grep { $self->get($_) ne $old->get($_) } qw(payinfo paydate
> >> payname) ) {
> >> > + grep { $self->get($_) ne $old->get($_) } qw(payinfo paydate
> >> payname paycvv) ) {
> >> > # card/check/lec info has changed, want to retry realtime_
> >> invoice events
> >> > my $error = $self->retry_realtime;
> >> > if ( $error ) {
> >> > @@ -564,6 +566,7 @@
> >> > || $self->ut_textn('state')
> >> > || $self->ut_country('country')
> >> > || $self->ut_anything('comments')
> >> > + || $self->ut_number('paycvv')
> >> > || $self->ut_numbern('referral_custnum')
> >> > ;
> >> > #barf. need message catalogs. i18n. etc.
> >> > @@ -752,7 +755,7 @@
> >> > $self->tax($1);
> >> >
> >> > $self->otaker(getotaker);
> >> > -
> >> > + $self->paycvv($self->paycvv);
> >> > #warn "AFTER: \n". $self->_dump;
> >> >
> >> > ''; #no error
> >> > --- process/cust_main.cgi Wed Jul 23 11:36:56 2003
> >> > +++ /usr/local/freeside/asp/edit/process/cust_main.cgi Sat Oct 11
> >> 02:12:11 2003
> >> > @@ -19,6 +19,7 @@
> >> > $cgi->param('paydate',
> >> > $cgi->param( $payby. '_month' ). '-'. $cgi->param( $payby.
> >> '_year' ) );
> >> > $cgi->param('payname', $cgi->param( $payby. '_payname' ) );
> >> > + $cgi->param('paycvv', $cgi->param( $payby. '_paycvv' ) );
> >> > }
> >> >
> >> > $cgi->param('otaker', &getotaker );
> >> > --- freeside-setup Fri Jun 13 22:02:25 2003
> >> > +++ freeside-setup Sat Oct 11 15:20:41 2003
> >> > @@ -494,6 +494,7 @@
> >> > 'ship_fax', 'varchar', 'NULL', 12,
> >> > 'payby', 'char', '', 4,
> >> > 'payinfo', 'varchar', 'NULL', $char_d,
> >> > + 'paycvv', 'varchar', 'NULL', 4,
> >> > #'paydate', @date_type,
> >> > 'paydate', 'varchar', 'NULL', 10,
> >> > 'payname', 'varchar', 'NULL', $char_d,
> >> --
> >> _ivan
> >
> > --
> > _ivan
> >
>
>
>
--
_ivan
More information about the freeside-devel
mailing list