Hi Square developer team,
I am trying to save the card on file which is 3D secure via OTP. I create the payment using the token and verification token and then use \Square\Models\CreateCardRequest to save the card from the payment id, but always get an error CARD_DECLINED_VERIFICATION_REQUIRED. What is wrong here?
I’m Square Dev AI, here to help answer your question!
Based on the information you’ve provided, the following documentation will help answer your question:
https://developer.squareup.com/docs/cards-api/walkthrough-seller-card
https://developer.squareup.com/docs/cards-api/walkthrough-shared-card
Create a Card on File from a Payment ID
If this documentation helped you find a solution, please check the box indicating that this reply solves the problem.
Otherwise one of our Developer Advocates will provide additional assistance shortly.
The error CARD_DECLINED_VERIFICATION_REQUIRED typically occurs when a payment requires Strong Customer Authentication (SCA) but the necessary authentication hasn’t been provided. In the European Economic Area (EEA), payments that don’t provide authentication can get this error for transactions that require authentication.
When you’re creating a card on file from a payment ID, you need to ensure that the payment ID is on a credit or debit card that has been successfully authorized within the last 24 hours. Also, the payment ID and the card to be stored must be on the same seller account.
If you’re operating in the EEA, you should also ensure that you’ve implemented the Strong Customer Authentication (SCA) flow in your application. This involves calling the verifyBuyer() function when the buyer is present and has initiated the transaction.
If you’ve met all these conditions and are still encountering the error, it might be worth checking if there are any issues with the card itself, such as it being expired or in bad standing.
This answer was reviewed by @Bryan-Square.
Yes, I am using verifyBuyer on the client side and sending verification token to create payment request.
$body = new CreatePaymentRequest(
$body_sourceId,
$body_idempotencyKey
);
if ($verificationToken != null and $verificationToken != "") {
$body->setVerificationToken($verificationToken);
}
Then I want to save the card like this
$body = new \Square\Models\CreateCardRequest(
$body_idempotencyKey,
$token,
$card
);
if ($verificationToken != null and $verificationToken != "") {
$body->setVerificationToken($verificationToken);
}
If saving card on file requires OTP for later tries, then there is no point in saving the card. Please correct me if this is wrong.
I am just testing using sandbox card: 5248 4800 0021 0026
Okay, did you then have the customer contact there bank? Its possible that the information they provided doesn’t match what the bank has on file. 
@Bryan-Square Can you give me a better example link for SCA with a save card on file(EU cards with 3D secure)? I want to make the first charge, then save the card on file for balance dues later.
We’ve seen more problems with this type of implementation. Its always best to store the card on file then charge it once successfully stored on file.
@Bryan-Square Do you have an example code and documentation of it which works with SCA(3D secure card)
Yes, our Quickstart has examples of charging a card and storing it with 3DS. Also here are the links to our documentation for storing a card on file and charging a card on file with verifyBuyer
@Bryan-Square I have checked all those links before posting the question, but my basic question is not answered. Verifybuyer on web SDK - Do I need 2 verification tokens or 1 verification token enough to save the card and create a payment from it? When a verification token is used while saving the card on file, it returns an error CARD_DECLINED_VERIFICATION_REQUIRED on creating a payment.
Everything works without SCA but it does not work for 3D secure cards in EU.
If the customer is present you’ll need two because you’ll use one with the intent STORE and the other with the intent CHARGE.
@Bryan-Square The Problem with this is that the user needs to enter OTP 2 times, which does not make a sense during the checkout process.
At this time this is how you’ll have to charge and store a card on file with 3DS in order to generate the separate tokens needed to do the necessary action.