[
https://issues.apache.org/jira/browse/OFBIZ-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12588241#action_12588241
]
Chris Lombardi commented on OFBIZ-1716:
---------------------------------------
I'm not sure of the scenario where you wouldn't just report back to the
customer that their card has been declined and instead retain the cvv code for
later retries.
1. Online e-commerce
2. POS
3. Card taken over phone by sales
4. Recurring subscriptions
For cases 1, 2 and 3, just report back declined. The customer may enter in a
different credit card. For case 4, you shouldn't retain the cvv code past the
initial transaction.
In reading the code, there was some retry logic for a not sufficient funds
(nsf) case. Could anyone explain when this is actually used? I'm having a
hard time figuring out when you wouldn't just report back to the customer with
a decline.
> POS: CVV2 code is not always deleted from the DB
> ------------------------------------------------
>
> Key: OFBIZ-1716
> URL: https://issues.apache.org/jira/browse/OFBIZ-1716
> Project: OFBiz
> Issue Type: Bug
> Components: ALL COMPONENTS
> Affects Versions: SVN trunk, Release Branch 4.0
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Critical
>
> I ran a transaction that was declined by the processor. I later noticed that
> the cvv2 code was still present in the database.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
