search

braintree / braintree-web

A suite of tools for integrating Braintree in the browser
https://developer.paypal.com/braintree/docs/start/hello-client/javascript/v3
MIT License
444 stars 134 forks source link

verifyCard options must include a BIN. #681

Closed rysi3k closed 1 year ago

rysi3k commented 1 year ago

General information

Issue description

After upgrading above 3.90.0 when we try to do some extra sales, not dependent on the existed subscription of user it causes "verifyCard options must include a BIN." error. Our flow:

  1. User setups subscription, we make calls:

    braintree.client.create({
authorization: clientToken,
})
//....
braintree.hostedFields.create({
client: client,
})
//...
braintree.threeDSecure.create({
  client,
  version: 2,
})
//...
hostedFields.tokenize((err, payload) => {
threeDSecureInstance.verifyCard({
      amount: 6.99,
      bin: payload.details.bin, //payload from hostedFields
      nonce: payload.nonce,

      onLookupComplete: function(data, next) {
        console.log('on lookup complete', data)
        next()
      }
    }, (err, verification) => onThreeDSecureVerification(err, verification, payload))
});

    and we are storing on backend payment method token: paymentMethod.creditCard.token in DB.

  2. When a user wants to buy something (we do NOT generate hostedfields because user has already existed payment method), we are taking the token from DB and create nonce: 
    gateway().paymentMethodNonce.create(paymentMethodToken)`

    The nonce is passed into verifyCard

    const threeDSecureVerification = await bt3ds.verifyCard({
  amount: 123,
  nonce, // nonce from request above
  challengeRequested: true,
  onLookupComplete: (data, next) => next()
})

    and here lies the confusion - after upgrade above 3.90.0 verifyCard requires bin parameter as well. I see that it could be taken from gateway().paymentMethodNonce.create() and it works.

Is this a good approach? Or something should be changed on our side? I'm asking because we get error 'Merchant account does not support 3D Secure transactions for card type.' when passing verifyCard=true during transaction.sale api call. Changing it to false allows passing the transaction (on sandbox on card 4111 1111 1111 1111)

Thanks for any help.

hollabaq86 commented 1 year ago

Hey @rysi3k BIN is required for 3D Secure v2 flows, as this is how our MPI provider CardinalCommerce derives the correct issuing bank for collecting device data that's required for 3D Secure v2.

If you have additional questions about 3DS workflows, please contact Support, as they are well versed in the nuances of all the different 3DS workflows out there.