My Oracle Support Banner

iStore: Validation on the Security Code (cvv) Field to prevent invalid values being sent for Credit Card Authorizations (Doc ID 1587438.1)

Last updated on FEBRUARY 26, 2019

Applies to:

Oracle iStore - Version 12.1.1 and later
Information in this document applies to any platform.
security code
card verification value


On : 12.1.1 version, Checkout and Order Placement

The iStore security code field (also known as 'cvv' field) is not validated, and the user can enter any value consisting of numbers or characters or even a blank space.
(This field can optionally be setup as required for which customer does have this as required).

Expect the Security Code field to be validated, so invalid entries will not be allowed.

The issue can be reproduced at will with the following steps:
1. Login to iStore and add and item to cart
2. Choose Checkout and continue button
3. Choose the payment type as credit card
4. The Security Code field is setup as required, enter a space (hit space bar) in this field
5. Continue and choose Place Order, no warning message returned.

The issue has the following business impact:
Due to this issue, users can enter invalid entries for the Security Code field (cvv field) and will get an error only when the actual credit card authorizations is attempted by Oracle Payments. The validation should be upon entry of the field, so the user can have the credit card authorization processed properly. This is an inconvenience to the user.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.