cid=51167110 has two new ones:

I am investigating with Ingenico as we seem to have a number of these since Jan:

Ingenico advises:

Every rejected settlement had an incorrect soft descriptor (in another language) that caused the acquirer to reject the settlements.
Image_2021-05-26_12-59-58.png

However, the very next transaction processed for the customer had the correct descriptor and the transaction processed successfully.
Image_2021-05-26_13-04-35.png

I looked at other examples and see the Japanese descriptor is tied to these rejects as Ingenico is saying

I am still not clear how a Japanese descriptor in Japan is a problem so making further inquiries!
When sending over descriptors, even invalid characters could cause an acquirer to reject the payment, thinking it's fraudulen

It seems In this case, it doesn't appear that JCB is able to interpret these descriptor characters. Every transaction with these characters was refused by the acquirer/JCB.

We didn't get a chance to include this in the current sprint. But if these are not legit transactions, we can make sure they don't get to civi. It's probably still worth a few minutes of time from an engineer to be sure what's going on here.

Thanks Evelyn and David.

if these are not legit transactions, we can make sure they don't get to civi.

4010153196 is another one from today, which looks very suspect, but I think plenty of these may be legit,. The question of legitimacy seems separate from why they are reaching Civi and why the other parties are tripping over the descriptors.

Hi, did you see my note above? These are legit transactions but being rejected by the issuer due to the descriptor characters.

I did, this one in particular looks like fraud, though, so maybe the issue affects legit and fraud?

Since we are sending the descriptor, I believe it would on any transaction.

Sorry our definitions of legit might be off. Civi should only hold records of completed donations. If these are not settling completely then we don't get the money and they would throw off our totals and reconciliation.

Now the question is why are they failing. Thanks for following up with the psp. Fr-tech will try to get to this soon. Maybe we can uncover something on our end.

+1 Thanks, y'all

Makes sense David. Thanks for clarifying "legit". A legitimate concern!

Just as a reconciliation headsup, some of the fraud getting through to Civi are coming from people testing non-trivial amounts:

The CIDs associated with these recent transactions include cid=51192645, cid=51192553, cid=51170085, and cid=51179870. They overlap with cards and email addresses from a known fraud victim, cid=50631006.

Some more:

From sprint priorities:
Evelyn is working with Ingenico to determine why some card descriptor errors cause bank rejections to reach Civi. The total number of these not-real donations in Civi is not giant, but some of the fraudulent rejections are for large $ amounts - could we make a script to delete these from Civi once the problem is solved?

update: fr-tech still might not have much to do here but we're available to be in communications/emails about this. we could devote an hour of looking in the logs but we might not have much to help with here.

Per @Ejegg the donors will get to the TY page but they won't be debited so we probably won't get a lot of reports from donors.

Thank you! Knowing the donors will see the TY page should reduce Zendesk traffic about this.

Hi, I am making a note here re: Ingenico's findings on this matter. It appears JCB is rejecting Japanese descriptors, when it went through in English, they do not reject it:

Every rejected settlement had an incorrect soft descriptor (in another language) that caused the acquirer to reject the settlements.
Image_2021-05-26_12-59-58.png

However, the very next transaction processed for the customer had the correct descriptor and the transaction processed successfully.
Image_2021-05-26_13-04-35.png

When sending over descriptors, even invalid characters could cause an acquirer to reject the payment, thinking it's fraudulent.

So in ja.json, we have now changed the description line for both one-time and monthly donations to 'donate@wikimedia.org'. Hopefully this will fix the problem for the Japan campaign.

We still have some non-latin characters in our descriptor in other languages. Do we need to clear those out too or is this just a problem for Japan / JCB?

Thank you @Ejegg I checked with Evelyn and we think it would be good to clear the others out as well. The status 190s we saw in 2018 did include other currencies and card types. If I can spin that off into a separate Task, please let me know.

@MBeat33 yeah another task for that part would be good

Hi @EMartin it looks like that's the zh-hans language rather than Japanese. We're fixing that one along with the rest of the non-latin character sets as T285499.