When checkout out with a Diners Card you get the error: "You have entered an invalid card security code.". This is because we validate only against the first digit of the card. American Express cards begin with a 3 and have a 4 digit CVV but Diners also start with 3 and have a 3 digit CVV.

Diner cards are always 14 digits long where as American Express are always 15. I've added a check against the length when the card starts with a 3 for now. Obviously some more robust credit card checking could be added in the future.

I would be happy to take this on if nobody else has already started.

References: http://www.merriampark.com/anatomycc.htm

commerce_payment.credit_card.inc_.patch851 bytesbenjy
PASSED: [[SimpleTest]]: [MySQL] 3,567 pass(es). View
Members fund testing for the Drupal project. Drupal Association Learn more


Damien Tournoud’s picture

This whole code needs to go away. I don't know how it got there in the first place, but we are not in the business of following every sneezing of the payment card industry, nor every possible variations in the world. That's what payment gateways are for.

benjy’s picture

I don't think some basic validation is a bad idea to catch mistyped credit card details without a request to the payment gateway.

Payment gateway modules that have already been developed for commerce are probably relying on the method commerce_payment_credit_card_validate(). I know the eWay one does.

rszrama’s picture

Title: Australian Diners Card are always rejected with 3 digit pin » JCB and Diners Card CVVs fail validation with what should be a valid 3-digit code
Assigned: benjy » Unassigned
Priority: Major » Normal
Status: Needs review » Fixed

Yeah, we can revisit this code's inclusion for 2.x, but I put it in b/c I did the same thing for 1.x. Really, these values don't really change, and we can provide a better customer experience if we can catch simple errors like this up front and highlight them w/ normal form errors.

Gonna go ahead and commit this fix for now (and extend it to JCB, which also uses a 3 digit CVV).

Thanks for the patch, Ben.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.