• tharmann

    (@tharmann)


    Hello!

    First things first: thank you so much for developing this extension. It’s the only one we found that met the criteria for a client’s integration and it works well in both live and uat environments. That being said, we just went through the user acceptance testing (UAT) for this client to go live and hit some issues with requirements to get accepted that were not possible with this extension:
    1. Tokenizing the CC no. (PAN) before sending the authorize request
    2. Adding an “ecomind” value to the authorize request

    At first these were presented to us as “suggestions” but as the process went on it became clear that we would not be able to go live without meeting these requirements (unless we wanted to pay a 3rd party for level 1 or 2 PCI). These might be new requirements or something, I don’t know. At any rate, I made some changes to the class-gravityforms-cardconnect.php (lines 680-716) in the extension to meet these requirements. Below is the code that I added. The ecomind is an easy one-line addition to the request array. They told me that it could always be set to ‘E’ since it’s eCommerce we are dealing with. Tokenizing the CC no., however, is a bit more involved and requires an API call to a different endpoint before sending the actual auth request. That API call is very simple, though, and only requires one param.

    I know this is a bit of a hack to get up and running so I wanted to inquire about getting these changes added to the official code of the extension. Maybe at the very least you could wrap the request array in an apply_filter() call so that we have an official way to modify the data?

    Let me know what you think.

    Thank you again,
    Tate

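    // Step 1: exchange the card number (PAN) for a token at the CardSecure endpoint.
    $url = 'https://xxx-uat.cardconnect.com/cardsecure/api/v1/ccn/tokenize';
    $account = rgar( $submission_data, 'card_number' );
    $data = json_encode( array( 'account' => $account ) );
    $ch = curl_init( $url );
    curl_setopt( $ch, CURLOPT_CUSTOMREQUEST, 'POST' );
    curl_setopt( $ch, CURLOPT_POSTFIELDS, $data );
    curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
    curl_setopt( $ch, CURLOPT_HTTPHEADER, array(
    	'Content-Type: application/json',
    	'Content-Length: ' . strlen( $data ),
    ) );
    $result = curl_exec( $ch ); // false on a transport error
    curl_close( $ch );
    $result = is_string( $result ) ? json_decode( $result, true ) : null;
    // Stop here if no token came back, so the auth request below is never sent
    // with an empty account. Throwing is an assumption; report the failure
    // however the surrounding method does.
    if ( ! is_array( $result ) || empty( $result['token'] ) ) {
    	throw new Exception( 'Card tokenization failed.' );
    }
    $token = $result['token'];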
    
    $request = array(
    	'merchid'  => $this->get_merchant_id(),
    	'accttype' => $card_type,
    	'account'  => $token,
    	'expiry'   => sprintf(
    		'%02d%02d',
    		rgars( $submission_data, 'card_expiration_date/1' ),
    		rgars( $submission_data, 'card_expiration_date/0' )
    	),
    	'cvv2'     => rgar( $submission_data, 'card_security_code' ),
    	'amount'   => $this->get_amount_export( $submission_data['payment_amount'], rgar( $entry, 'currency' ) ),
    	'currency' => rgar( $entry, 'currency' ),
    	'name'     => rgar( $submission_data, 'card_name' ),
    	'street'   => rgar( $submission_data, 'address' ),
    	'city'     => rgar( $submission_data, 'city' ),
    	'region'   => rgar( $submission_data, 'state' ),
    	'country'  => rgar( $submission_data, 'country' ),
    	'postal'   => rgar( $submission_data, 'zip' ),
    	'tokenize' => 'Y',
    	'ecomind'  => 'E'
    );
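
A fail-closed, testable version of the tokenize step described in the post above, as an added example that is not part of the original post or of the extension's code. The function names, the injected `$post` transport, the 12-19 digit check, the placeholder URL and the stub responses are assumptions made for illustration; only the `account` request field and the `token` response field come from the post.

```php
<?php
// Added example; all function names here are hypothetical.

// Returns a token or throws, so a caller can never fall through and send an
// empty or raw account value. $post( $url, $json ) returns [ HTTP status, body ].
function example_tokenize_pan( string $pan, string $url, callable $post ): string {
	$pan = preg_replace( '/[\s-]+/', '', $pan ); // drop spaces and dashes
	if ( ! preg_match( '/^\d{12,19}$/', $pan ) ) { // assumed length range
		throw new InvalidArgumentException( 'Card number must be 12-19 digits.' );
	}
	list( $status, $body ) = $post( $url, json_encode( array( 'account' => $pan ) ) );
	if ( 200 !== $status || ! is_string( $body ) ) {
		throw new RuntimeException( "Tokenize request failed (HTTP $status)." );
	}
	$result = json_decode( $body, true );
	$token  = is_array( $result ) && isset( $result['token'] ) ? (string) $result['token'] : '';
	if ( '' === $token || $token === $pan ) { // never accept the PAN echoed back
		throw new RuntimeException( 'Tokenize response held no usable token.' );
	}
	return $token;
}

// Production transport: TLS verification on, bounded timeout.
function example_curl_post( string $url, string $json ): array {
	$ch = curl_init( $url );
	curl_setopt_array( $ch, array(
		CURLOPT_POST           => true,
		CURLOPT_POSTFIELDS     => $json,
		CURLOPT_RETURNTRANSFER => true,
		CURLOPT_TIMEOUT        => 10,
		CURLOPT_SSL_VERIFYPEER => true,
		CURLOPT_SSL_VERIFYHOST => 2,
		CURLOPT_HTTPHEADER     => array( 'Content-Type: application/json' ),
	) );
	$body   = curl_exec( $ch );
	$status = (int) curl_getinfo( $ch, CURLINFO_HTTP_CODE );
	curl_close( $ch );
	return array( $status, $body );
}

// Constructed stubs and test card number, so the example runs offline.
$ok   = function () { return array( 200, '{"token":"9400000000001111"}' ); };
$down = function () { return array( 503, false ); };
echo example_tokenize_pan( '4111 1111 1111 1111', 'https://example.invalid/tokenize', $ok ), "\n";
try {
	example_tokenize_pan( '4111111111111111', 'https://example.invalid/tokenize', $down );
} catch ( RuntimeException $e ) {
	echo 'Auth request not sent: ', $e->getMessage(), "\n";
}
```

The exception messages deliberately leave out the card number, so nothing that ends up in a PHP error log contains the PAN.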
Viewing 1 replies (of 1 total)
  • Plugin Author cornershop

    (@cornershop)

    @tharmann Thanks so much for this! We’ve filed a task to look into your work and will follow up with more ASAP.

  • The topic ‘Tokenize PAN before request and add ecomind value’ is closed to new replies.