Unable to add customer card - INVALID_REQUEST_ERROR / INVALID_CARD_DATA / source_id

DeanPP · December 15, 2023, 3:57am

We are seeing issues with card creation (POST /v2/cards) using the web SDK (version 2023-10-20).

The following error is being reported: Invalid card data (source_id).

We are successfully storing cards (350+ in the past month) with 63 reported failures like this during the same period.

Below is our latest example of failure:

{
    "idempotency_key": "657b4dede6112",
    "source_id": "cnon:CBASEExIK5JYkJ5aSDFgJzenV6Q",
    "card": {
        "billing_address": null,
        "cardholder_name": "",
        "customer_id": "JR3QTAR3R0KKKHMZBMY8V59CB0"
    }
}

This is under application ID sq0idp-mWRA6OZ7ff-zyPi24pIY1A.

Is there a way to get more information to better understand what is happening?

Any assistance will be greatly appreciated.

Square-Dev-AI · December 15, 2023, 3:58am

I’m Square Dev AI, here to help answer your question!
Based on the information you’ve provided, the following documentation will help answer your question:

Additional Documentation

Cards API Overview
Manage Customer Cards on File
Card Payments

If this documentation helped you find a solution, please check the box indicating that this reply solves the problem.
Otherwise one of our Developer Advocates will provide additional assistance shortly.

Bryan-Square · December 15, 2023, 4:57pm

The invalid card data error means that the card information that was tokenized by the Web payments SDK was invalid. This is often caused by a customer incorrectly inputing the card information. You’ll need to have the customer re-enter their information and try again.

We specifically return this generic error so bad actors don’t take advantage of a specific incorrect field like CVV or AVS for malicious purposes.

DeanPP · December 17, 2023, 9:10pm

Your reply helped me to understand more about Square’s tokenise process, which led me to find this: Even if the CVV of the credit card is wrong, a token can be generated, is this correct behavior? - #2 by Bryan-Square

So basically, the card tokenisation generated from Square’s card web form will tokenise both valid AND invalid cards. It’s not until the cards API step that the card details are truly validated. Is that correct?

Bryan-Square · December 18, 2023, 6:23pm

Yes, this is the correct behavior with the tokenized card.

Topic		Replies	Views
Need urgent help with 400 response INVALID_REQUEST_ERROR Questions payments-api , cards-api	9	181	September 12, 2024
Invalid card data - field: source_id in Production Questions web-payments-sdk , cards-api	5	913	January 22, 2024
Passing payment ID to card's source ID causing INVALID_CARD_DATA Questions payments-api , cards-api	8	1614	March 28, 2023
INVALID_CARD_DATA problem Questions cards-api	8	4359	February 23, 2022
Create card error, "INVALID_REQUEST_ERROR" Questions sandbox , cards-api	2	1166	January 4, 2023

Unable to add customer card - INVALID_REQUEST_ERROR / INVALID_CARD_DATA / source_id

Related topics