https://community.developer.cybersource.com/t5/Integration-and-Testing/Accept-js-duplicate-detection-and-CVV-code/m-p/58020#M32697 <P>Hi&nbsp;<a href="https://community.developer.cybersource.com/t5/user/viewprofilepage/user-id/21165">@willimus</a>,</P> <P>&nbsp;</P> <P>What you've reported isn't something you'd see only&nbsp;with Accept.js, but with all uses of the API. As part of PCI-DSS requirements, the card code can't be stored by anyone in the process of using that card, so we don't store it either. Since we don't store it, we have nothing to compare the card code in the subsequent transaction to. The workaround is as you've described: Either lowering the duplicate window for the account, or sending&nbsp;<SPAN>duplicateWindow set to a low value for transactions using the card code.</SPAN></P> <P>&nbsp;</P> <P><SPAN>I'd love to find a way around this for the future, though. I don't know for sure that the PCI-DSS requirements would permit this, but I'd love to instead compare a hash of the first transaction&nbsp;<EM>including card code</EM> to a hash of the subsequent transaction.</SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>I'd encourage you to post this onto our <A href="https://community.developer.cybersource.com/t5/Ideas/idb-p/ideas" target="_self">Ideas Forum</A> where others can take a look, contribute feedback, and vote for new features. That can help make a stronger case for such an improvement in the future.</P> Tue, 09 May 2017 16:49:42 GMT Aaron 2017-05-09T16:49:42Z https://community.developer.cybersource.com/t5/Integration-and-Testing/Accept-js-duplicate-detection-and-CVV-code/m-p/58003#M32684 <P><SPAN>We have encountered a problem in the sandbox and live gateway that the CVV code does not work as expected regarding duplicate transaction checking. If a customer enters an invalid CVV code and submits the payment, the attempt is declined as expected (according to the merchant's CVV settings). &nbsp;If the customer then immediately corrects the CVV code and submit the payment again, the customers see the duplicate transaction error message. The customer then has to wait for the duplicate transaction window to expire (120 seconds by default we believe) and then attempt the payment again. We have not found any other fields that cause the same issue. &nbsp;If we enter an invalid credit card number and then we correct the card number, the second attempt is not considered a duplicate. If we enter an invalid zip code and then correct the zip code, the second attempt is not considered a duplicate.</SPAN></P><P><BR /><SPAN>Due to the CVV/duplicate detection issue, we are lowering our duplicate detection window to 10 seconds (and we'd like to leave this at the default value).</SPAN></P> Mon, 08 May 2017 14:39:06 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/Accept-js-duplicate-detection-and-CVV-code/m-p/58003#M32684 willimus 2017-05-08T14:39:06Z https://community.developer.cybersource.com/t5/Integration-and-Testing/Accept-js-duplicate-detection-and-CVV-code/m-p/58020#M32697 <P>Hi&nbsp;<a href="https://community.developer.cybersource.com/t5/user/viewprofilepage/user-id/21165">@willimus</a>,</P> <P>&nbsp;</P> <P>What you've reported isn't something you'd see only&nbsp;with Accept.js, but with all uses of the API. As part of PCI-DSS requirements, the card code can't be stored by anyone in the process of using that card, so we don't store it either. Since we don't store it, we have nothing to compare the card code in the subsequent transaction to. The workaround is as you've described: Either lowering the duplicate window for the account, or sending&nbsp;<SPAN>duplicateWindow set to a low value for transactions using the card code.</SPAN></P> <P>&nbsp;</P> <P><SPAN>I'd love to find a way around this for the future, though. I don't know for sure that the PCI-DSS requirements would permit this, but I'd love to instead compare a hash of the first transaction&nbsp;<EM>including card code</EM> to a hash of the subsequent transaction.</SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>I'd encourage you to post this onto our <A href="https://community.developer.cybersource.com/t5/Ideas/idb-p/ideas" target="_self">Ideas Forum</A> where others can take a look, contribute feedback, and vote for new features. That can help make a stronger case for such an improvement in the future.</P> Tue, 09 May 2017 16:49:42 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/Accept-js-duplicate-detection-and-CVV-code/m-p/58020#M32697 Aaron 2017-05-09T16:49:42Z https://community.developer.cybersource.com/t5/Integration-and-Testing/Accept-js-duplicate-detection-and-CVV-code/m-p/72515#M44794 <P>Hello, how were you able to lower the detection window? I can't seem to find this in the docs. Thank you</P> Wed, 15 Jul 2020 15:26:50 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/Accept-js-duplicate-detection-and-CVV-code/m-p/72515#M44794 carlargentdev1 2020-07-15T15:26:50Z