I'm getting this intermittent message on checkout in BigCommerce.
Your financial institution has indicated that it could not successfully authenticate this transaction. To protect against unauthorized use, this card cannot be used to complete your purchase. You may complete the purchase by selecting another form of payment or use a different card.
My API is correct with Paypal Payments Pro, Check out works and then doesn't work. Tried a few cards, sometimes the card worked, and sometimes it didn't. Here is the error message.
Your financial institution has indicated that it could not successfully authenticate this transaction. To protect against unauthorized use, this card cannot be used to complete your purchase. You may complete the purchase by selecting another form of payment or use a different card.
I have the same account setup on another BigCommerce site and never had a problem.
If you have another BigCommerce site and are using the PayPal account, make sure that your starting invoice numbers are far enough apart, otherwise you will be sending duplicate invoice numbers to PayPal and end they'll return an error. I was getting the same error, and I just set had to set one of my store's starting invoice number (under store settings/misc) to a really high number. This fixed the problem. Thanks BigCommerce tech support guy!
(You should be able to see what error you are getting by going through your store logs)
Related
On the Paypal Basic Integration tutorial it is possible to capture an order client-side which essentially submits the payment to paypal. Once the order is captured, the tutorials shows you how to verify the transaction which would ensure you do not provide a service or product unless the paypal order is verified. However, someone could maliciously capture a payment using the client id and while verification would fail paypal would withdraw the funds from the customer. How can you prevent this? Is this secure?
[UPDATE]
This questions comes mostly out of curiosity and lack of experience with paypal. To put more context into this and hopefully help others; the Paypal basic integration is simply an HTML form and so it doesn't stop anyone from modifying the HTML form and send a different amount for authorization/capture; lets say that the original amount for an order is 100, it is possible that someone changes that amount and submit the authorization with the different amount; at the minimum it would initiate an authorization/capture of this different amount that perhaps is higher. Good practice dictates that the amount and orders should be verified before finalizing the transaction on the backend, but even if the transaction is found to be invalid the funds would have already been put on a "hold" by paypal and possibly on the customers credit card.
This is probably not an issue since, like mentioned, transactions should be verified on the backend; it is also not too obvious( maybe with some social engineering) how someone would benefit from this and most likely would just be an inconvenience.
I am using payflow pro. When I use currency code 'USD' all payment flow's works fine. But when I change currency code to 'CAD' it will return error with result code 06 which means Invalid or unsupported currency code. How to solve this problem?
This is not problem with your code.
Following https://developer.paypal.com/docs/classic/api/currency_codes/
Payment Receiving Preferences
If you have a PayPal Premier or Business account, configure your Payment
Receiving Preferences to handle payments automatically. You can convert
any payment into your primary currency or block certain types of payments.
You can set the following:
Block or unblock payments from U.S. customers who don’t have a confirmed address.
Block or unblock payments sent to you in a currency you don’t hold.
Block or unblock payments for duplicate invoice IDs.
Block or unblock payments from customers who have non-U.S. PayPal accounts.
Block or unblock payments from Student Account holders.
Log in to your PayPal business account at www.paypal.com. Click the
profile icon (Profile menu) on the top right side of the page. From the
Business Profile menu, select Profile and Settings.
Note: If you do not see the profile icon on the top right, select
Profile which appears in the top menu when the My Account tab is selected.
From the left menu, click My selling tools.
In the Getting paid and managing my risk section, click the Update link
for the Block Payments item.
Update your settings and click Save.
Just happened to hit this problem with Magento 2.3.1, when paying with credit card against PayPal Payflow Pro. Our default currency for the store is "CAD".
The support team is super, after our several failed transactions they managed to figure our the problem, let me share their reply here:
Thanks for reaching out today. Happy to help.
It looks as though this is an issue with the currency code you're passing. Right now it appears you're trying to pass USD in on the $0.00 verification call, but CAD on the actual 2.20 transaction itself. When you verify a card, the transaction you attempt against that verification must use the same currency. Try passing the subsequent transaction with USD, or create the verification in CAD and then run the transaction against it using CAD. See https://developer.paypal.com/docs/classic/payflow/integration-guide/#submitting-account-verifications for more on verifications. That's a great resource for Payflow in general as well.
That should resolve the issue you're seeing, but please let us know if you run into any other issues.
I hope that helps. Let us know if you have any questions.
That says for two API calls from our server (Magento 2.3.1) to PayPal need to specify the same currency code. While our first API call which sending amt=0 field doesn't have separate currency field there, so I guess the default value was assigned which is "USD". While the second API call which sending the real amt number had currency=CAD field, that might confused the API and eventually refused by it.
For Magento 2.3.1 the fix is to add the currency filed for the first API call, which the same idea may apply to other conditions as well.
Here is the Magento fix in case you are interested.
I get it that Paypal SDK (backed by REST API) has three steps:
Create a payment
payment = Payment({...})
payment.create()
return redirect( redirect_url( payment))
The customer pays and authorizes payment from within Paypal
Redirect to our site where we execute payment, thus transferring money
Should I store the created payments at step 1? I would thus capture all payment attempts, whether successful or not. Or can I create a payment, and not remember it until step 3? That is, record only the successful payments (within their respective Invoices). Is there any reliability or security issue or other harm if I do not store it at step 1?
I suspect not being able to roll back failures.
In Paypal terms, they are of sale intent and are meant for payment of invoices for services rendered. Card data do not touch our servers, I am deferring to Paypal on handling it.
I use paypalrestsdk, Paypal's Python SDK.
Previously, it was tricky to get the PaymentId back when PayPal redirects the page back to your server to authorize you, as there was no way to get PaymentId on 3rd step
However, now, the PaymentId is returned back as a part of the URL as shown here in 3rd step :
http://localhost/Server-SDK/PayPal-PHP-SDK/sample/payments/ExecutePayment.php?success=true&paymentId=PAY-62998961VU1587338KR3AXWQ&token=EC-4YC2489096181311L&PayerID=REABK2UGK7PLW
As you can see it has paymentId which is the Id that you need to store.
So, to answer you dont need to store anything till 3rd step.
Additional Note:
However, if you have some complicated logic/service you want to provide. E.g. send them an email reminder(if you have their emailId), to remind them if they abandoned your card, etc. However, there are many ways to do that besides using these steps.
We are running an e-commerce web site on Ruby on Rails and for the processing of Credit Cards we use the ActiveMerchant plugin to interface to our PayPal Website Payments Pro account using our API credentials.
As part of the checkout process we first call the authorize function on our gateway object and then, after some further checks, we perform the capture part.
We have lately been experiencing a bug where an amount gets reserved twice on a customer's account: one charge being only the authorization and the second being the final purchase. So to the client it looks like we are billing him twice (once for authorization, once for final purchase) while we are actually receiving the money only once and the "second charge" on his account is simply an authorization that we don't clear for some reason. (This seems to happen particularly when PayPal FMF rejects our transaction and we re-process.)
I am trying to troubleshoot this by creating PayPal Sandbox Accounts for Buyer and for Seller. I am running through the code line by line via Rails Console and simulating different conditions to try and replicate the error. However, my successful Credit Card transactions only appear in my "seller"/"merchant" account and not in the "buyer" account on the PayPal Sandbox so I cannot see what the effect of my code sequence is having on a customer's card. This post seems to indicate that that is just the way things are and that it is indeed not possible to test the effect on Buyer Credit Card side. This post suggests using PayPal Express Checkout but that is not what we need on our site as we're specifically looking at Credit Card transactions here that are integrated to our site.
How can I test the effect of my code on a client's Credit Card? Is there perhaps something I missed in PayPal or is there maybe some mode/log/monitor in ActiveMerchant that I can use to see this? I need to find the line of code that is causing us to authorize twice.
If the initial transaction is being rejected by FMF, and then you reattempt another transaction this would cause a second hold on the buyers card as this would be a completely different transaction attempt. The bank may have approved the first transaction, but then the FMF filters declined it based on your settings. As far as the bank is concerned, it is still a valid charge that was approved. So when you run your second attempt, this will cause a second hold on the card for the same amount but for a different transaction.
Problem: I've implemented "partial authorizations" (pg 72) but whenever I try to run a transaction that could use it, the result is a decline.
Setup: I'm handling transactions with the API with PayPal Payment Pro Payflow Edition (aka, PayFlow Pro Gateway & PayPal Merchant Account).
Cards use in Transaction: Visa Gift Card & American Express Gift Card. This feature was made for gift cards and other prepaid products. Gift Cards are specifically cited in PayPal's documentation example.
Transaction Logs:
Here is the log for a declined partial authorization. The original amount requested is $25.00, even though this visa gift card only had $2.00 on it. I should have received a response with an approved amount for $2.00. Instead I got a decline.
-> PARTIALAUTH:Y TENDER:C ACCT:**** VERBOSITY:HIGH TRXTYPE:A EXPDATE:0618 AMT:25.00
<- RESULT:12 CARDTYPE:0 PROCAVS:G IAVS:N PROCCVV2:I EXPDATE:0618 RESPMSG:Declined: 15005-This transaction cannot be processed. LASTNAME:NotProvided ACCT:**** AMT:25.00 PNREF:************ AVSZIP:X AVSADDR:X HOSTCODE:15005 TRANSTIME:2012-12-14 12:43:04 CVV2MATCH:X
For comparison, when I run the same card for an amount that is less than what's on the card, it goes through no problem:
-> TENDER:C VERBOSITY:HIGH ACCT:**** AMT:.11 TRXTYPE:A EXPDATE:0618 PARTIALAUTH:Y
<- AMT:0.11 AVSZIP:X PPREF:***************** ACCT:**** AUTHCODE:111111 TRANSTIME:2012-12-14 12:41:46 LASTNAME:NotProvided IAVS:N PROCAVS:G RESPMSG:Approved PNREF:************ RESULT:0 EXPDATE:0618 PROCCVV2:I CARDTYPE:0 AVSADDR:X CVV2MATCH:X CORRELATIONID:*************
-> TENDER:C ORIGID:************ TRXTYPE:D
<- RESULT:0 PENDINGREASON:completed PNREF:************ FEEAMT:0.11 PAYMENTTYPE:instant RESPMSG:Approved PPREF:************ CORRELATIONID:*************
I believe the API calls should be and in fact are the same in both cases. The point of Partial Authorizations is that you don't know when you need it, so if you want it, it should be enabled for all transactions -- meaning you always append the two extra parameters of VERBOSITY=HIGH and and PARTIALAUTH=Y.
Any ideas why this isn't working. The feature is very important to my application and is one of the main reasons I'm using PayPal.
I hope I'm missing something simple, like a setting in manager.paypal.com.
From what I can see you're doing everything correctly. When something like this happens the only thing you can do is contact PayPal directly.
You can do so via www.paypal.com/mts or if you login to your PayPal account and go into the contact by phone section you should see a separate phone number for tech support directly.
I would recommend submitting a ticket to MTS and then also calling, but when you call, refer them to your ticket. They're going to want you to post one anyway, but if that's all you do it probably won't get answered for awhile, unfortunately. I've had good luck catching them on the phone, though, and can get things done much more quickly that way.
The only thing I can think of that might be an issue here is that you're using the PayFlow gateway with PayPal as your merchant. While the PayFlow gateway supports this, PayPal may not. It may only work if you're using a 3rd party merchant account on the PayFlow gateway.
That's something they will need to confirm or deny as I haven't specifically tested this myself, but again, I don't see that you're doing anything incorrectly.