When checkout out with a Diners Card you get the error: "You have entered an invalid card security code.". This is because we validate only against the first digit of the card. American Express cards begin with a 3 and have a 4 digit CVV but Diners also start with 3 and have a 3 digit CVV.
Diner cards are always 14 digits long where as American Express are always 15. I've added a check against the length when the card starts with a 3 for now. Obviously some more robust credit card checking could be added in the future.
I would be happy to take this on if nobody else has already started.
References: http://www.merriampark.com/anatomycc.htm
Comment | File | Size | Author |
---|---|---|---|
commerce_payment.credit_card.inc_.patch | 851 bytes | benjy | |
Comments
Comment #1
Damien Tournoud CreditAttribution: Damien Tournoud commentedThis whole code needs to go away. I don't know how it got there in the first place, but we are not in the business of following every sneezing of the payment card industry, nor every possible variations in the world. That's what payment gateways are for.
Comment #2
benjy CreditAttribution: benjy commentedI don't think some basic validation is a bad idea to catch mistyped credit card details without a request to the payment gateway.
Payment gateway modules that have already been developed for commerce are probably relying on the method commerce_payment_credit_card_validate(). I know the eWay one does.
Comment #3
rszrama CreditAttribution: rszrama commentedYeah, we can revisit this code's inclusion for 2.x, but I put it in b/c I did the same thing for 1.x. Really, these values don't really change, and we can provide a better customer experience if we can catch simple errors like this up front and highlight them w/ normal form errors.
Gonna go ahead and commit this fix for now (and extend it to JCB, which also uses a 3 digit CVV).
Thanks for the patch, Ben.