qenta-cee / magento2-qcp

QENTA Checkout Page extension for Magento 2
GNU General Public License v2.0

Fraud Messages appear in Test-Mode #12

Closed EliasKotlyar closed 7 years ago

EliasKotlyar commented 7 years ago

Hello Wirecard-Team,

We figured out an error which we want to report here:

Preconditions

   Install Magento 2.1
   Install Wirecard WCP Plugin
   Use the Test-data from https://guides.wirecard.at/wcp:test_mode (3-D Secure based)

Steps to reproduce:


    In frontend: Create an Order using a Test-Creditcard. 
    In admin panel: Have a look at this Order

Expected result

Order is completed without any notices.

Actual result

Order is completed but reported as a fraud

fraud

Traceback

We traced this error back to the compareQuoteChecksum method. We included a few additional debug-outputs to the plugin to find out the reason:

debugoutput1

debugoutput2

Additional Debug Output :

[2016-11-07 13:20:53] report.DEBUG: Wirecard\CheckoutPage\Helper\Data::compareQuoteChecksum:mine: 45ad47e86d4c5378cf31702199495eb6152eb1d4d8dd9c84ec8fa89da70a0598ff58994e85ae055a20b3820f322ef63d6c7fa433fe8643be2a63ea9092f30532 {"is_exception":false} []
[2016-11-07 13:20:53] report.DEBUG: Wirecard\CheckoutPage\Helper\Data::compareQuoteChecksum:his: 46bd91e9dbd77a398235f3e2301201c76b2be5fbdef4b674b491c7691b4b033759d837c1c2113427902bddc04b3287d8ed611cb68f930df2a53dde22c0711913 {"is_exception":false} []
[2016-11-07 13:20:53] report.DEBUG: Wirecard\CheckoutPage\Model\OrderManagement::confirmOrder:Ein Betrugsversuch wurde festgestellt. Der Warenkorb wurde während des Bezahlvorganges verändert. {"is_exception":false} []

Summary:

The error is triggered due to a hash mismatch. The webservice returns a hash, and this hash is compared to another hash which is calculated from the quote. Both hashes are different but should be the same.

We are thinking that the wirecard-server-side hash calculation differs from the calculation in magento.

Could you provide us some help with this Error? We are stuck at the development right now.

Feel free to contact us anytime for more information and debug logs. (Email: elias.kotlyar@mediawave.de)

Many thanks in Advance,

Elias

Appendix : Complete Debug Log:

[2016-11-07 13:19:27] report.DEBUG: Wirecard\CheckoutPage\Helper\Data::calculateQuoteChecksum:calculation-result: 24.8EURelias.kotlyar@mediawave.de10002416.723.18Herr Elias KotlyarMünchen81377DEDEBayernWelfenstrasse 22Herr Elias KotlyarMünchen81377DEDEBayernWelfenstrasse 22 {"is_exception":false} []
[2016-11-07 13:19:27] report.DEBUG: Wirecard\CheckoutPage\Model\AbstractPayment::initPaymentByCart:Array
(
    [customerId] => D200411
    [shopId] => 3D
    [language] => de
    [pluginVersion] => TWFnZW50bzI7Mi4xLjE7V2lyZWNhcmRDRUVfUVBheSAzLjQuMDtXaXJlY2FyZC9DaGVja291dFBhZ2U7MS4wLjI=
    [confirmUrl] => http://local.dalton.dev/wirecardcheckoutpage/checkout/confirm/
    [orderReference] => 0000000080
    [uniqueId] => 8v2x3n6g7C
    [amount] => 24.8
    [currency] => EUR
    [paymentType] => CCARD
    [orderDescription] => elias.kotlyar@mediawave.de Elias Kotlyar
    [successUrl] => http://local.dalton.dev/wirecardcheckoutpage/checkout/back/
    [pendingUrl] => http://local.dalton.dev/wirecardcheckoutpage/checkout/back/
    [cancelUrl] => http://local.dalton.dev/wirecardcheckoutpage/checkout/back/
    [failureUrl] => http://local.dalton.dev/wirecardcheckoutpage/checkout/back/
    [serviceUrl] => https://www.google.de/?gws_rd=ssl
    [consumerIpAddress] => 10.10.0.1
    [consumerUserAgent] => Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0
    [consumerEmail] => elias.kotlyar@mediawave.de
    [consumerBillingFirstname] => Elias
    [consumerBillingLastname] => Kotlyar
    [consumerBillingAddress1] => Welfenstrasse 22
    [consumerBillingAddress2] => 
    [consumerBillingZipCode] => 81377
    [consumerBillingCity] => München
    [consumerBillingCountry] => DE
    [consumerBillingState] => BAY
    [consumerBillingPhone] => 
    [consumerBillingFax] => 
    [consumerShippingFirstname] => Elias
    [consumerShippingLastname] => Kotlyar
    [consumerShippingAddress1] => Welfenstrasse 22
    [consumerShippingAddress2] => 
    [consumerShippingZipCode] => 81377
    [consumerShippingCity] => München
    [consumerShippingCountry] => DE
    [consumerShippingState] => BAY
    [consumerShippingPhone] => 
    [consumerShippingFax] => 
    [mage_orderId] => 000000080
    [mage_quoteId] => 299
    [mage_orderCreation] => after
    [customerStatement] => Web Shop Id:0000000080
    [duplicateRequestCheck] => yes
    [iframeUsed] => 
    [quoteHash] => 46bd91e9dbd77a398235f3e2301201c76b2be5fbdef4b674b491c7691b4b033759d837c1c2113427902bddc04b3287d8ed611cb68f930df2a53dde22c0711913
)
 {"is_exception":false} []
[2016-11-07 13:20:51] report.DEBUG: Wirecard\CheckoutPage\Controller\Checkout\Back::execute:Array
(
    [amount] => 24.8
    [currency] => EUR
    [paymentType] => CCARD
    [financialInstitution] => Visa
    [language] => de
    [orderNumber] => 45906389
    [paymentState] => SUCCESS
    [uniqueId] => 8v2x3n6g7C
    [mage_orderId] => 000000080
    [mage_quoteId] => 299
    [mage_orderCreation] => after
    [iframeUsed] => 
    [quoteHash] => 46bd91e9dbd77a398235f3e2301201c76b2be5fbdef4b674b491c7691b4b033759d837c1c2113427902bddc04b3287d8ed611cb68f930df2a53dde22c0711913
    [authenticated] => Yes
    [anonymousPan] => 1003
    [expiry] => 01/2019
    [cardholder] => Elias Kotlyar
    [maskedPan] => 401200******1003
    [gatewayReferenceNumber] => C963472147852484476281
    [gatewayContractNumber] => 70003
    [responseFingerprintOrder] => amount,currency,paymentType,financialInstitution,language,orderNumber,paymentState,uniqueId,mage_orderId,mage_quoteId,mage_orderCreation,iframeUsed,quoteHash,authenticated,anonymousPan,expiry,cardholder,maskedPan,gatewayReferenceNumber,gatewayContractNumber,secret,responseFingerprintOrder
    [responseFingerprint] => 4a43553145a431feb73b15b14db979b3d1316a644de8f9aeb3da6ed73ec2dfdd4a69bbf9c4e6d52fad802d2ad2da968bca02c30d5126ef3c71d64497f7875033
)
 {"is_exception":false} []
[2016-11-07 13:20:51] report.DEBUG: Wirecard\CheckoutPage\Controller\Checkout\Back::execute:order not processed via confirm server2server request, check your packetfilter! {"is_exception":false} []
[2016-11-07 13:20:53] report.DEBUG: Wirecard\CheckoutPage\Helper\Data::calculateQuoteChecksum:calculation-result: 21.62EURelias.kotlyar@mediawave.de10002414.053.18Herr Elias KotlyarMünchen81377DEDEBayernWelfenstrasse 22Herr Elias KotlyarMünchen81377DEDEBayernWelfenstrasse 22 {"is_exception":false} []
[2016-11-07 13:20:53] report.DEBUG: Wirecard\CheckoutPage\Helper\Data::compareQuoteChecksum:quote checksum mismatch {"is_exception":false} []
[2016-11-07 13:20:53] report.DEBUG: Wirecard\CheckoutPage\Helper\Data::compareQuoteChecksum:mine: 45ad47e86d4c5378cf31702199495eb6152eb1d4d8dd9c84ec8fa89da70a0598ff58994e85ae055a20b3820f322ef63d6c7fa433fe8643be2a63ea9092f30532 {"is_exception":false} []
[2016-11-07 13:20:53] report.DEBUG: Wirecard\CheckoutPage\Helper\Data::compareQuoteChecksum:his: 46bd91e9dbd77a398235f3e2301201c76b2be5fbdef4b674b491c7691b4b033759d837c1c2113427902bddc04b3287d8ed611cb68f930df2a53dde22c0711913 {"is_exception":false} []
[2016-11-07 13:20:53] report.DEBUG: Wirecard\CheckoutPage\Model\OrderManagement::confirmOrder:Ein Betrugsversuch wurde festgestellt. Der Warenkorb wurde während des Bezahlvorganges verändert. {"is_exception":false} []
[2016-11-07 13:20:53] report.DEBUG: Wirecard\CheckoutPage\Model\OrderManagement::confirmOrder:payment-state:payment_approved allowed operations:DEPOSIT,APPROVEREVERSAL {"is_exception":false} []

jakubpolomsky commented 7 years ago

Hello,

thank you for your input. I will get into this today and I will notify you about the progress. Your work will help me to get this done faster.

mjankiewicz commented 7 years ago

Hello,

I had a similar problem. All payments by credit card had status "fraud". It looks like the method calculateQuoteChecksum (/vendor/wirecard/magento2-wcp/Helper/Data.php) generates an incorrect checksum for the response (from bank).

Two properties used to calculate the checksum are changed on order submit (probably here /vendor/magento/module-quote/Model/QuoteManagement.php:497 $this->quoteRepository->save($quote);)

  1. $quote->getBaseGrandTotal
  2. $item->getPrice

for example table quote before submit: '563', '1', '2016-11-16 21:57:50', '0000-00-00 00:00:00', NULL, '1', '0', '0', '1', '1.0000', '0', '0.0000', '0.0000', 'EUR', 'EUR', 'EUR', '13.3500', '13.3500', NULL, '1489', '3', '1', 'test.mj+mj@gmail.com', 'Herr', 'mm', NULL, 'COMPANY', NULL, NULL, NULL, '1', '0', '127.0.0.1', NULL, NULL, NULL, NULL, 'EUR', '1.0000', '1.0000', NULL, NULL, '7.6800', '7.6800', '7.6800', '7.6800', '1', '0', NULL, '0', NULL

and after: '563', '1', '2016-11-16 21:57:50', '2016-11-16 22:06:26', NULL, '0', '0', '0', '1', '1.0000', '0', '0.0000', '0.0000', 'EUR', 'EUR', 'EUR', '13.3500', '12.5800', NULL, '1489', '3', '1', 'test.mj.+mj@gmail.com', 'Herr', 'mm', NULL, 'COMPANY', NULL, NULL, NULL, '1', '0', '127.0.0.1', NULL, '200001837', NULL, NULL, 'EUR', '1.0000', '1.0000', NULL, NULL, '7.6800', '6.9800', '7.6800', '6.9800', '1', '0', NULL, '0', NULL

table quote_item before: '1230', '563', '2016-11-16 21:57:50', '0000-00-00 00:00:00', '49', '1', NULL, '0', '566909', 'Product-1', NULL, NULL, NULL, '0', '0', '500.0000', '1.0000', '7.6800', '7.6800', NULL, '0.0000', '0.0000', '0.0000', '10.0000', '0.7700', '0.7700', '7.6800', '7.6800', '0.0000', '500.0000', 'simple', NULL, NULL, NULL, NULL, NULL, '8.4500', '8.4500', '8.4500', '8.4500', '0.0000', '0.0000', '0', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL

after: '1230', '563', '2016-11-16 21:57:50', '2016-11-16 22:06:26', '49', '1', NULL, '0', '566909', 'Product-1', NULL, NULL, NULL, '0', '0', '500.0000', '1.0000', '6.9800', '6.9800', NULL, '0.0000', '0.0000', '0.0000', '10.0000', '0.7700', '0.7000', '7.6800', '6.9800', '0.0000', '500.0000', 'simple', NULL, NULL, NULL, NULL, NULL, '8.4500', '7.6800', '8.4500', '7.6800', '0.0000', '0.0000', '0', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL

I changed my code to:

public function calculateQuoteChecksum($quote)
{
    // getGrandTotal() in place of getBaseGrandTotal(), which is listed above as changed on submit
    $data = round($quote->getGrandTotal(), $this->getPrecision()) .
            $quote->getBaseCurrencyCode() .
            $quote->getCustomerEmail();

    foreach ($quote->getAllVisibleItems() as $item) {
        /** @var \Magento\Quote\Model\Quote\Item $item */
        $data .= $item->getSku();
        // getRowTotal() in place of getPrice(), which is listed above as changed on submit
        $data .= round($item->getRowTotal(), $this->getPrecision());
        $data .= round($item->getTaxAmount(), $this->getPrecision());
    }

    // ... the rest of the method is not shown in this comment
}

It works, but it's not a good solution. I don't understand why some fields/values are changed on submit (table: quote and quote_item).

Do you have any idea how to resolve this problem? :)

mjankiewicz commented 7 years ago

Maybe a better solution is to add a new field 'hash' to table 'quote' and update the record with the quote here /vendor/wirecard/magento2-wcp/Model/AbstractPayment.php:245 after: $init->quoteHash = $this->_dataHelper->calculateQuoteChecksum($quote);

In this case we will have to change just the method \Wirecard\CheckoutPage\Helper\Data->compareQuoteChecksum

For example:

public function compareQuoteChecksum($quote, $his)
{
    if ($quote->getHash() != $his) {
        $this->_logger->debug(__METHOD__ . ':quote checksum mismatch');

        return false;
    }

    return true;
}

Is this a bad idea? :)

jakubpolomsky commented 7 years ago

Hi! The first solution you proposed is actually the correct one. Take a look at this Magento thread (it's v1.7 but the explanation remains), where it's explained what the difference is. When the quote is checked after the payment, the price gets converted to the base price of the shop. Whatever it is, it doesn't necessarily always have to be the same. Therefore please use the first solution; it will be taken into account in the next release.
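
As an added illustration (not code from the plugin or from anyone in this thread), the PHP example below reproduces the effect discussed above: a cart checksum built from fields that are rewritten on order submit no longer matches the value sent at payment initiation, while one built from the stable fields still matches and still rejects a cart that really changed. The HMAC-SHA512 construction, the key, the array layout and all sample values are assumptions; the amounts are modelled on the before/after rows quoted in the thread.

```php
<?php
// Added example with constructed data and a placeholder key.
// Assumption: the checksum is HMAC-SHA512 over concatenated quote fields
// (the hashes logged in the thread are 128 hex characters long).
const DEMO_SECRET = 'placeholder-secret';

function quoteChecksum(array $quote, string $totalField, string $itemField): string
{
    $data = round($quote[$totalField], 2) . $quote['currency'] . $quote['email'];
    foreach ($quote['items'] as $item) {
        $data .= $item['sku'];
        $data .= round($item[$itemField], 2);
        $data .= round($item['tax_amount'], 2);
    }
    return hash_hmac('sha512', $data, DEMO_SECRET);
}

// Quote when the payment is initiated (its checksum goes out as quoteHash).
$atInit = [
    'grand_total' => 13.35, 'base_grand_total' => 13.35,
    'currency' => 'EUR', 'email' => 'customer@example.test',
    'items' => [
        ['sku' => 'SKU-1', 'price' => 7.68, 'row_total' => 7.68, 'tax_amount' => 0.77],
    ],
];
// Same cart after order submit: base total and item price were rewritten.
$afterSubmit = $atInit;
$afterSubmit['base_grand_total'] = 12.58;
$afterSubmit['items'][0]['price'] = 6.98;
// Cart that really was modified during payment: a second item was added.
$modified = $afterSubmit;
$modified['grand_total'] = 21.80;
$modified['base_grand_total'] = 19.56;
$modified['items'][] =
    ['sku' => 'SKU-2', 'price' => 6.98, 'row_total' => 7.68, 'tax_amount' => 0.77];

$variants = [
    'base_grand_total + price' => ['base_grand_total', 'price'],
    'grand_total + row_total'  => ['grand_total', 'row_total'],
];
foreach ($variants as $label => [$totalField, $itemField]) {
    $sent = quoteChecksum($atInit, $totalField, $itemField);
    // hash_equals() compares in constant time and without the type juggling of != / ==.
    $same = hash_equals($sent, quoteChecksum($afterSubmit, $totalField, $itemField));
    $mod  = hash_equals($sent, quoteChecksum($modified, $totalField, $itemField));
    printf("%-25s unchanged cart matches: %s, modified cart matches: %s\n",
        $label, $same ? 'yes' : 'no', $mod ? 'yes' : 'no');
}
```

With the first field set the unchanged cart stops matching after submit, which is the false fraud flag reported in this issue; with the second it matches, and the modified cart is rejected in both cases.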