Card verifications ignore Merchant Account ID

Created on 30 March 2022, over 2 years ago

Updated 23 August 2023, about 1 year ago

Problem/Motivation

Verifications, and thus Braintree transactions, are failing when the API key is assigned to a user that doesn't have acces to the Marketplace Master Merchant (default) Merchant Account ID

In a large organization, there might be several Merchant Account IDs that subdivide a larger Braintree account. There is also a Marketplace master merchant (default) Merchant Account ID.

The merchant account ID is a unique identifier for a specific merchant account in your gateway, and is used to specify which merchant account to use when creating a transaction.

Verifications are happening under the default master merchant account, even when a different merchant account is specified. All transactions will fail if the API user doesn't have access to that master merchant account (common in a large organization).

Steps to reproduce

Make sure there are at least two merchant account IDs defined in a Braintree environment. Create a user that has access to only the non-default/master Merchant Account ID. Also make sure that user has the following in their role:

Customer Management
- Manage Customers and Payment Methods (Add/Edit/Delete)
- Download Vault Records with Masked Payment Data

Attempt to add a credit card in checkout. On submit, the credit card verification will fail with: "Verifications are not supported on this merchant account"

If you allow the user to have access to "all" Merchant Account IDs, the verifications will succeed, but the verifications will be linked to the default master merchant account id instead of the one provided on the payment gateway definition. This is not desirable or allowable in many organizations.

Proposed resolution

Make sure verifications are happening against the defined/provided merchant account id.

🐛 Bug report

Status

Closed: outdated

Version

1.0

Component

Code

Created by

🇺🇸United States aajones

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment about 1 year ago →
🇭🇷Croatia valic Osijek
Work-related for resolving merchant ID's properly per currency is fixed within 3345876: Allow specifying merchant id when generating client token. 🐛 Allow specifying merchant id when generating client token. Fixed

Along with that, we added a property to flag with which merchant ID payment is verified'verificationMerchantAccountId' => $merchant_id,

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024