alexryall
commented
11 months ago This can be replicated by either having 3DS disabled in the admin or using a card that is not enrolled in 3DS.
Open alexryall opened 11 months ago
alexryall
commented
11 months ago This can be replicated by either having 3DS disabled in the admin or using a card that is not enrolled in 3DS.
Magento version: 2.4.5 Checkout.com module version: 5.3.0 3DS: Disabled
Since upgrading to version 5 of the module in live we have been getting significantly more orders marked as "pending_payment". After investigating I have discovered the checkout.com module no longer checks a payment is authorized before placing the order and customers will receive the success page even when the payment fails authorization.
This can be replicated by installing the checkout.com module on a blank version of Magento and configuring with sandbox credentials. Using any of the sandbox cards that are used to emulate fails e.g. insufficient funds (4544 2491 6767 3670) the order will "complete".
Having looked into the code changes between v4 and v5 there used to be a check that the payment is approved. Now it only checks for a 20x status which includes any failures such as incorrect card details or insufficient funds.
v4:
v5: