braintree/braintree-web

verifyCard options must include a BIN.

rysi3k opened this issue · 1 comments

rysi3k commented

General information

  • SDK version: 3.93.0
  • Environment: Sandbox
  • Browser and OS - each

Issue description

After upgrading above 3.90.0 when we try to do some extra sales, not dependent on the existed subscription of user it causes "verifyCard options must include a BIN." error.
Our flow:

  1. User setups subscription, we make calls:
braintree.client.create({
    authorization: clientToken,
})
//....
 braintree.hostedFields.create({
client: client,
})
//...
braintree.threeDSecure.create({
      client,
      version: 2,
    })
 //...
hostedFields.tokenize((err, payload) => {
 threeDSecureInstance.verifyCard({
          amount: 6.99,
          bin: payload.details.bin, //payload from hostedFields
          nonce: payload.nonce,

          onLookupComplete: function(data, next) {
            console.log('on lookup complete', data)
            next()
          }
        }, (err, verification) => onThreeDSecureVerification(err, verification, payload))
});

and we are storing on backend payment method token: paymentMethod.creditCard.token in DB.
2. When a user wants to buy something (we do NOT generate hostedfields because user has already existed payment method), we are taking the token from DB and create nonce:

gateway().paymentMethodNonce.create(paymentMethodToken)`

The nonce is passed into verifyCard

const threeDSecureVerification = await bt3ds.verifyCard({
      amount: 123,
      nonce, // nonce from request above
      challengeRequested: true,
      onLookupComplete: (data, next) => next()
    })

and here lies the confusion - after upgrade above 3.90.0 verifyCard requires bin parameter as well. I see that it could be taken from gateway().paymentMethodNonce.create() and it works.

Is this a good approach? Or something should be changed on our side? I'm asking because we get error 'Merchant account does not support 3D Secure transactions for card type.' when passing verifyCard=true during transaction.sale api call. Changing it to false allows passing the transaction (on sandbox on card 4111 1111 1111 1111)

Thanks for any help.

hollabaq86 commented

Hey @rysi3k BIN is required for 3D Secure v2 flows, as this is how our MPI provider CardinalCommerce derives the correct issuing bank for collecting device data that's required for 3D Secure v2.

If you have additional questions about 3DS workflows, please contact Support, as they are well versed in the nuances of all the different 3DS workflows out there.