|
mpwebdesigns
|
October 21, 2020 at 10:55 am
We had someone register for an event and the payment was processed successfully on Cybersource, but Event Espresso denied the transaction with the Gateway response: “Signature verification Failed !”. The user ended up paying 4 times and was charged 4 times and has bank statements to prove this. After talking with Cybersource they have said to contact Event Espresso Developers.
|
|
Tony
|
October 22, 2020 at 4:21 am
Hi there,
First, a quick explanation on where that error comes from.
When Cybersource send a response back to your site it has a ‘signature’ value that is generated on their end and because it uses specific fields and your accounts ‘secret key’ to generate that signature we can use those same fields to re-generate the signature on your server and compare the value we get with the value on the request. If those don’t match you get the ‘Signature verification Failed !’ error.
The reason for the above check is due to the fact that requests can be modified but your ‘secret key’ is used as one of the values to generate the signature, which only you and Cybersource know for your account. So if someone modifies the request they don’t have your secret key and therefore can not generate a valid signature to validate with.
Now, I can’t tell you why you are getting the above error from the above info but if I can take a look in your payment logs I can se if any stands out.
To do that I’ll need a temp admin account which you can send using this form:
https://eventespresso.com/send-login-details/
If if you prefer not to send an account I can talk you through how to find the info and you can send it by email.
|
|
Tony
|
October 23, 2020 at 8:32 am
Ok, so this is odd.
You don’t get that error on every payment, meaning the way in which we validate the signature works, otherwise, every payment would fail validation.
I can’t see anything different between payments that fail and payments that complete other than the fact that the signature value sent from Cybersource does not match the signature we generate to confirm the request (which is why you are getting the error). The payment shows in the logs that it is accepted and authorized but unless that signature validates you’ll get the above error.
I’m checking in with our developers on this to see if I’m missing anything.
Do you have a contact at Cybersource that is familiar with your account?
|
