LivotovLabs/3DSView

Certain bank cards don't work with this library

sandyscoffable opened this issue · 1 comments

A few of our customers have run into the following error:

We have a 3-D Secure success rate of 91-92% on Android, and on our other platforms they are all solidly around 95% (this is on a volume of around 20,000 transactions since I made the change in the Android app).

It seems to be an issue confined to certain banks. The cards affected seem to be Co-op and perhaps Clydesdale Bank and Capital One 🙀

Here are a few IINs that seem to be affected: 498824, 557351

Update - reproduced issue

I've been able to reproduce the issue here. When the library loads it seems to fairly quickly show the above Google page in the screenshot (without any sort of intervention required).

The code that extracts the PaRes from the HTML doesn't appear to be called (as I had debug code to spit out the HTML if that was hit). There are the following cryptic log lines though which might offer a clue:

2019-01-11 12:55:07.033 10790-12869/com.scoffable W/chromium: [WARNING:spdy_session.cc(2876)] Received RST for invalid stream1
2019-01-11 12:55:07.079 10790-10790/com.scoffable I/chromium: [INFO:CONSOLE(1)] "Uncaught TypeError: Cannot read property 'innerHTML' of undefined", source: https://www.google.com/ (1)

The above error points to an issue with this line of code:

view.loadUrl(String.format("javascript:window.%s.processHTML(document.getElementsByTagName('html')[0].innerHTML);", JavaScriptNS));

So, still not 100% sure why this is happening, but it's definitely an issue. The employee who has an affected card is off today, so I can't reproduce again until they are back in the office.

After a world of pain this afternoon even getting the HTML to spit out, I captured the following HTML:

<html><head>
<title>Verified by Visa</title>
<meta http-equiv="Content-Type" content="text/html">
<meta http-equiv="Cache-Control" content="no cache">
<meta http-equiv="Pragma" content="no cache">
<meta http-equiv="Expires" content="0">
<link rel="stylesheet" href="en_GB_Coop_Smile_Debit/style.css" type="text/css">
<script language="javascript" src="en_GB_Coop_Smile_Debit/pwdcookies.js"></script>
<script language="Javascript">
<!--
var isAA = false;
var cookievalForAA = getCookie("AAFlag");
if(cookievalForAA != null)
{
	if(cookievalForAA == "true")
	{
		isAA = true;
	}
}
var failpage = false;
var cookieval = getCookie("ArcotCertegyAE_TrnStatus");
var closing = true;
var bankid = "coopsmile.gif";
setCookie("BANKID",bankid);
function OnPageInit()
{
	document.downloadForm.submitval.disabled = false;
}
function onBeforeUnloadHandler(object)
{
	if ( closing )
	{
		if (isAA)
		{
			event.returnValue = "Your activation has not completed!\nTo complete your activation click 'Continue'.";
		}
		else
		{
			event.returnValue = "Your purchase has not completed!\nTo complete your purchase click 'Continue'.";
		}
	}
}
if(cookieval != null)
{
    //alert("cookieval="+cookieval);
	if(cookieval == "fail")
	{
		failpage = true;
		setCookie("ArcotCertegyAE_TrnStatus","pass");
	}
	else if(cookieval == "createpwd")
	{
		if (!isAA)
		{
		var newwin = window.open('en_GB_Coop_Smile_Debit/postauthWelcome.htm','postAuthWelcome',
				'left=100000,top=100000,screenX=100000,screenY=100000,height=550,width=390,resizable=yes,scrollbars=yes');
			newwin.blur();
			window.focus();
			newwin.moveTo(100, 100);
			window.opener.focus();
		}
		delCookie("ArcotCertegyAE_TrnStatus");
	}
}
function download()
{
	closing=false;
	var CustData ="";
	if (2000 == 1001)
	{
		TheNewWin =window.open("en_GB_Coop_Smile_Debit/submitToES.htm",'TheNewpop',"height=420,width=390,scrollbars=yes,resizable=no,screenX=550,screenY=150,left=550,top=150");
		TheNewWin.blur();
		setTimeout("submitForm()",1000);
	}
	else
	{
		document.downloadForm.submit();
	}
}
function submitForm()
{
	closing=false;
	document.downloadForm.submit();
}
function OnSubmitHandler()
{
	closing=false;
	delCookie("AAFlag");
	document.downloadForm.submitval.disabled = true;
	document.downloadForm.submit();
	return false;
}
//-->
</script>
<script language="Javascript">
if(failpage)
{
	document.writeln ('<body TEXT="#51392B" LINK="#cc9966" VLINK="#FF0000" ALINK="#00FF00" onbeforeunload="onBeforeUnloadHandler(this);">');
	document.writeln ('<form name="downloadForm" action="https://www.google.com" method="POST" onload="OnPageInit()">');
	setTimeout("OnSubmitHandler()", 20000);
}
else
{
		document.writeln ('<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=utf8">');
		document.writeln ('<body TEXT="#51392B" LINK="#cc9966" VLINK="#FF0000" ALINK="#00FF00" onload="download();">');
		document.writeln ('<form name="downloadForm" action="https://www.google.com" method="POST">');
		document.writeln ('<center><b>Processing<big>&nbsp;&nbsp;.&nbsp;.&nbsp;.&nbsp;.</b></big></center>');
}
</script><meta http-equiv="content-type" content="text/html; charset=utf8"></head>
<body text="#51392B" link="#cc9966" vlink="#FF0000" alink="#00FF00" onload="download();">
<form name="downloadForm" action="https://www.google.com" method="POST">
<center><b>Processing<big>&nbsp;&nbsp;.&nbsp;.&nbsp;.&nbsp;.</big></b></center>
id=10347(u0_a347) com.scoffable identical 3 lines
<table width="100%" height="100%" cellpadding="0" cellspacing="0" border="0">
<!--<TR><TD COLSPAN="3"><IMG SRC="en_GB_Coop_Smile_Debit/images/spacer_clear.gif" WIDTH="1" HEIGHT="20" BORDER=0 ALT=""><BR></TD></TR>--><!-- Top 20 pixels of white space -->
	<tbody><tr>
		<td><img src="en_GB_Coop_Smile_Debit/images/spacer_clear.gif" width="20" height="1" border="0" alt=""><br></td><!-- Left 20 pixels of white space -->
		<td align="center">
			<!-- Content area -->
			<table width="330" height="340" cellpadding="0" cellspacing="0" border="0">
				<tbody><tr>
					<script language="javascript">
					if(failpage)
					{
						document.writeln ('<TD VALIGN="top" WIDTH="89" HEIGHT="51"><IMG name="vpasLogo" SRC="en_GB_Coop_Smile_Debit/images/vpas_logo.gif"  BORDER=0 ALT="Verified by Visa"><BR></TD><TD ALIGN="right" VALIGN="top" WIDTH="301" HEIGHT="51"><IMG name="memberLogo" src="en_GB_Coop_Smile_Debit/images/coopsmile.gif"  BORDER=0 ALT="memberLogo"><BR></TD>');
					}
					</script>
				</tr>
				<tr>
					<td colspan="2" valign="top" height="100">
						<!-- Text area -->
						<script language="javascript">
						if(failpage)
						{
							if (isAA)
							{
								document.writeln ('<IMG SRC="en_GB_Coop_Smile_Debit/images/spacer_clear.gif" WIDTH="1" HEIGHT="20" BORDER=0 ALT=""><BR>',
								'<IMG SRC="en_GB_Coop_Smile_Debit/images/hdr_password_failed.gif"  BORDER=0 ALT="Authentication Failed"><BR>',
								'<IMG SRC="en_GB_Coop_Smile_Debit/images/spacer_clear.gif" WIDTH="1" HEIGHT="30" BORDER=0 ALT=""><BR>',
								'<font Class="TextBlack">For your protection, we\'re unable to activate your card at this time.<BR>For more information contact Customer service.</font>');
							}
							else
							{
								document.writeln ('<IMG SRC="en_GB_Coop_Smile_Debit/images/spacer_clear.gif" WIDTH="1" HEIGHT="20" BORDER=0 ALT=""><BR>',
								'<IMG SRC="en_GB_Coop_Smile_Debit/images/hdr_password_failed.gif"  BORDER=0 ALT="Authentication Failed"><BR>',
								'<IMG SRC="en_GB_Coop_Smile_Debit/images/spacer_clear.gif" WIDTH="1" HEIGHT="5" BORDER=0 ALT=""><BR>',
								'<font Class="TextBlack">The authentication information you provided does not match our records for this Visa card. To ensure the highest level of security, this Visa card cannot be used to complete this purchase. You will be automatically returned to the online store so that you may enter another form of payment, or click Continue to proceed now.<BR><BR>Contact the Bank on 0870 843 2265.<BR><BR></font>');
							}
						}
						</script>
						<!-- Issuer speciffic info -->
						<br><br>
					<!-- Start of the continue button -->
						<div align="center">
							<img src="en_GB_Coop_Smile_Debit/images/spacer_clear.gif" width="1" height="4"><br>
							<script language="javascript">
							if(failpage)
							{
								document.writeln ('<INPUT TYPE="button" NAME="submitval" VALUE="Continue" onclick="OnSubmitHandler();">');
							}
							</script>
							<noscript>
							<INPUT TYPE="Submit" VALUE="Continue">
							</noscript>
						</div>
					<!-- End of the continue button -->
					</td>
				</tr>
				<tr>
				<td colspan="2">
				<!-- end copyright notice table-->
				</td>
				</tr>
			</tbody></table>
			<!-- End of content area -->
		</td>
		<!--<TD><IMG SRC="en_GB_Coop_Smile_Debit/images/spacer_clear.gif" WIDTH="20" HEIGHT="1" BORDER=0 ALT=""><BR></TD>--><!-- Right 20 pixels of white space -->
	</tr>
</tbody></table>
<input type="hidden" name="PaRes" value="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
<input type="hidden" name="MD" value="20154774081651667349">
<input type="hidden" name="PaReq" value="eJxVUsFygjAQvfcrHD/AJIgBnSWO1qo40xaKh/YYQ1SmAkqg6N83Uag2p30vm7ebtwvjc3ro/MhCJXnmdUkPd8fsCdb7QspZJEVVSAavUim+k50k9roWJgPbcWzsEjoglDp9e9hlEEw+5IlBI8S0Ts8C1EKtUIg9z0oGXJym/huzbdqnA0ANhFQW/oxZBGN76LrUweYAutGQ8VSySOTbLd8cJAF0JUDkVVYWF+ZaFFALoCoObF+WxxFCdV33VPusJ/IUkLkFdO8nqEyktNo5iRlf9zer6EV97+P153K3FnO8CnZ+RH3lATIZEPNSMu3CEBPidAgdYTwiDqArDzw1bTBi6+abGI6mxOTh4pEAbXEhM9H+okUgz8c8kzpD+/gXQyyVYJEZRsAvndfA14UNBej+keelsVmU2rnpInyPBvNLuEj7+KjS3E1O9SScT8Mvz5h/TTKlEu2cdv9WywBARgY1c0XNCujo32r8ArB5u0o=">
</form>
</body></html>

The end of the PaRes line is truncated due to it hitting the log line length on Android, so I can assume that's well formed ...

So, the library isn't calling the processHTML method, and I reckon it's due to the initialPageLoadCompleted stuff that I added in to improve the loading time of the form behind the scenes 🤦‍♂️

Now that I have a good idea why this isn't working, I'll have a crack at fixing it.
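Added example (not part of the issue and not 3DSView code): a check that could run on whatever HTML reaches the `processHTML` callback before the PaRes is forwarded. It covers the two failure modes seen above: no document at all, and a PaRes attribute cut off before its closing quote. The function names, sample pages and merchant URL are constructed for illustration; it assumes the 3-D Secure 1.0 encoding (Base64 over zlib-compressed XML), which the `eJx…` PaReq captured above is consistent with.

```javascript
// Constructed stand-in for a PaRes: a zlib header plus filler bytes, not a real message.
const SAMPLE_PARES = Buffer.from([0x78, 0x9c, 1, 2, 3, 4]).toString('base64');

// Constructed ACS response page, modelled on the captured form above.
const GOOD_HTML = `<form name="downloadForm" action="https://merchant.example/term" method="POST">
<input type="hidden" name="PaRes" value="${SAMPLE_PARES}">
<input type="hidden" name="MD" value="1234567890">
</form>`;

// Same page with the PaRes line cut before its closing quote, as in the logcat capture.
const TRUNCATED_HTML = GOOD_HTML.replace(`${SAMPLE_PARES}">`, SAMPLE_PARES.slice(0, 5));

// Return the value attribute of the named hidden input, or null if it is absent.
function hiddenField(html, name) {
  const re = new RegExp(`<input\\b[^>]*\\bname="${name}"[^>]*\\bvalue="([^"]*)"`, 'i');
  const m = re.exec(html);
  return m ? m[1] : null;
}

// Classify a candidate PaRes without trusting the markup it came from.
function classifyPaRes(value) {
  if (value === null || value === '') return 'missing';
  // An unterminated attribute swallows the next tag, so the capture will
  // contain characters outside the Base64 alphabet and is rejected here.
  if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(value) || value.length % 4 !== 0) {
    return 'not-base64';
  }
  const bytes = Buffer.from(value, 'base64');
  // RFC 1950 header: compression method 8 and (CMF*256 + FLG) divisible by 31.
  const zlibHeader = bytes.length >= 2 &&
    (bytes[0] & 0x0f) === 8 &&
    ((bytes[0] << 8) | bytes[1]) % 31 === 0;
  return zlibHeader ? 'ok' : 'not-zlib';
}

// Hypothetical entry point: what a processHTML handler could call first.
function checkAcsResponse(html) {
  if (typeof html !== 'string' || html.length === 0) {
    // Mirrors the "innerHTML of undefined" case: nothing was captured.
    return { status: 'no-document', paRes: null, md: null };
  }
  const paRes = hiddenField(html, 'PaRes');
  const md = hiddenField(html, 'MD');
  const status = classifyPaRes(paRes);
  return { status, paRes: status === 'ok' ? paRes : null, md };
}
```

A result other than `ok` means the page should be treated as "authentication not completed" rather than passed on to the merchant server.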