iStore: Validation on the Security Code (cvv) Field to prevent invalid values being sent for Credit Card Authorizations (Doc ID 1587438.1)

Last updated on NOVEMBER 24, 2014

Applies to:

Oracle iStore - Version 12.1.1 and later
Information in this document applies to any platform.
cvv
security code
card verification value

Symptoms

On : 12.1.1 version, Checkout and Order Placement

ACTUAL BEHAVIOR
---------------
The iStore security code field (also known as 'cvv' field) is not validated, and the user can enter any value consisting of numbers or characters or even a blank space.
(This field can optionally be setup as required for which customer does have this as required).



EXPECTED BEHAVIOR
-----------------------
Expect the Security Code field to be validated, so invalid entries will not be allowed.



STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Login to iStore and add and item to cart
2. Choose Checkout and continue button
3. Choose the payment type as credit card
4. The Security Code field is setup as required, enter a space (hit space bar) in this field
5. Continue and choose Place Order, no warning message returned.



BUSINESS IMPACT
-----------------------
The issue has the following business impact:
Due to this issue, users can enter invalid entries for the Security Code field (cvv field) and will get an error only when the actual credit card authorizations is attempted by Oracle Payments. The validation should be upon entry of the field, so the user can have the credit card authorization processed properly. This is an inconvenience to the user.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms