Implications of not verifying buyer?

I need some advice on the flow when creating payments for my app. My app is built in Xamarin, so I have implemted payments through the mobile browser, which works perfectly fine. The browser is only used to send card details and return a nonce (the card is then saved by Square for future payments), and the browser is also used to verify the customer eg 3D Secure etc. Everything else is done by the back end API.

When I save a card, I call the verifyBuyer, which using the test cards sometimes shows the banks security page and sometimes not… all good so far.

Now when I pay within the app, this is done from the app itself (not the browser). I show a list of “last 4 digits” from the saved cards in Square and let the customer decide before paying. The problem I now have is regarding the bank 3D security page. I will have to do this in a seperate page from the browser… but this page is not required every time by the bank… so do I need to show this to my customer and call verifyBuyer every time? Is it possible to attempt to process the payment without running verifyBuyer and only re-attempt the payment with the verifyBuyer if it returns CARD_DECLINED_VERIFICATION_REQUIRED? Also if this is possible, are their any legal or otherwise implications of not running verifyBuyer on the payment (verifyBuyer has been run when storing the card).


ps - There is another option… to run the verifyBuyer without showing the browser to the user (yet) and only show the user if the bank requires further action… is there any event I can hook into to determine if the user needs to take further action, so I can trigger a visible=true only in this case?

In general, Square’s recommendation is to always call verifyBuyer when the customer is present to be on the safe side, unfortunately.

1 Like