activemerchant 1.56.0 → 1.66.0

data/lib/active_merchant/billing/gateways/nmi.rb

@@ -30,7 +30,7 @@ module ActiveMerchant #:nodoc:
       def purchase(amount, payment_method, options={})
         post = {}
         add_invoice(post, amount, options)
-        add_payment_method(post, payment_method)
+        add_payment_method(post, payment_method, options)
         add_customer_data(post, options)
         add_merchant_defined_fields(post, options)
 
@@ -40,7 +40,7 @@ module ActiveMerchant #:nodoc:
       def authorize(amount, payment_method, options={})
         post = {}
         add_invoice(post, amount, options)
-        add_payment_method(post, payment_method)
+        add_payment_method(post, payment_method, options)
         add_customer_data(post, options)
         add_merchant_defined_fields(post, options)
 
@@ -59,6 +59,7 @@ module ActiveMerchant #:nodoc:
       def void(authorization, options={})
         post = {}
         add_reference(post, authorization)
+        add_payment_type(post, authorization)
 
         commit("void", post)
       end
@@ -67,6 +68,7 @@ module ActiveMerchant #:nodoc:
         post = {}
         add_invoice(post, amount, options)
         add_reference(post, authorization)
+        add_payment_type(post, authorization)
 
         commit("refund", post)
       end
@@ -74,7 +76,7 @@ module ActiveMerchant #:nodoc:
       def credit(amount, payment_method, options={})
         post = {}
         add_invoice(post, amount, options)
-        add_payment_method(post, payment_method)
+        add_payment_method(post, payment_method, options)
         add_customer_data(post, options)
 
         commit("credit", post)
@@ -82,7 +84,7 @@ module ActiveMerchant #:nodoc:
 
       def verify(payment_method, options={})
         post = {}
-        add_payment_method(post, payment_method)
+        add_payment_method(post, payment_method, options)
         add_customer_data(post, options)
         add_merchant_defined_fields(post, options)
 
@@ -92,13 +94,18 @@ module ActiveMerchant #:nodoc:
       def store(payment_method, options = {})
         post = {}
         add_invoice(post, nil, options)
-        add_payment_method(post, payment_method)
+        add_payment_method(post, payment_method, options)
         add_customer_data(post, options)
         add_merchant_defined_fields(post, options)
 
         commit("add_customer", post)
       end
 
+      def verify_credentials
+        response = void("0")
+        response.message != "Authentication Failed"
+      end
+
       def supports_scrubbing?
         true
       end
@@ -125,7 +132,7 @@ module ActiveMerchant #:nodoc:
         end
       end
 
-      def add_payment_method(post, payment_method)
+      def add_payment_method(post, payment_method, options)
         if(payment_method.is_a?(String))
           post[:customer_vault_id] = payment_method
         elsif(card_brand(payment_method) == 'check')
@@ -135,7 +142,7 @@ module ActiveMerchant #:nodoc:
           post[:checkaccount] = payment_method.account_number
           post[:account_holder_type] = payment_method.account_holder_type
           post[:account_type] = payment_method.account_type
-          post[:sec_code] = 'WEB'
+          post[:sec_code] = options[:sec_code] || 'WEB'
         else
           post[:payment] = 'creditcard'
           post[:firstname] = payment_method.first_name
@@ -182,7 +189,13 @@ module ActiveMerchant #:nodoc:
       end
 
       def add_reference(post, authorization)
-        post[:transactionid] = authorization
+        transaction_id, _ = split_authorization(authorization)
+        post[:transactionid] = transaction_id
+      end
+
+      def add_payment_type(post, authorization)
+        _, payment_type = split_authorization(authorization)
+        post[:payment] = payment_type if payment_type
       end
 
       def exp_date(payment_method)
@@ -203,13 +216,21 @@ module ActiveMerchant #:nodoc:
           succeeded,
           message_from(succeeded, response),
           response,
-          authorization: response[:transactionid],
+          authorization: authorization_from(response, params[:payment]),
           avs_result: AVSResult.new(code: response[:avsresponse]),
           cvv_result: CVVResult.new(response[:cvvresponse]),
           test: test?
         )
       end
 
+      def authorization_from(response, payment_type)
+        [ response[:transactionid], payment_type ].join("#")
+      end
+
+      def split_authorization(authorization)
+        authorization.split("#")
+      end
+
       def headers
         { "Content-Type"  => "application/x-www-form-urlencoded;charset=UTF-8" }
       end

data/lib/active_merchant/billing/gateways/omise.rb

@@ -14,18 +14,20 @@ module ActiveMerchant #:nodoc:
       self.live_url = self.test_url = API_URL
 
       # Currency supported by Omise
-      # * Thai Baht with Satang, i.e. 9000 => 90 THB
+      # * Thai Baht with Satang, 50000 (THB500.00)
+      # * Japanese Yen, 500 (JPY500)
       self.default_currency = 'THB'
       self.money_format     = :cents
 
       #Country supported by Omise
       # * Thailand
-      self.supported_countries = %w( TH )
+      self.supported_countries = %w( TH JP )
 
       # Credit cards supported by Omise
       # * VISA
       # * MasterCard
-      self.supported_cardtypes = [:visa, :master]
+      # * JCB
+      self.supported_cardtypes = [:visa, :master, :jcb]
 
       # Omise main page
       self.homepage_url = 'https://www.omise.co/'
@@ -39,8 +41,10 @@ module ActiveMerchant #:nodoc:
       #
       # ==== Options
       #
-      # * <tt>:public_key</tt> -- Omise's public key (REQUIRED).
-      # * <tt>:secret_key</tt> -- Omise's secret key (REQUIRED).
+      # * <tt>:public_key</tt>  -- Omise's public key  (REQUIRED).
+      # * <tt>:secret_key</tt>  -- Omise's secret key  (REQUIRED).
+      # * <tt>:api_version</tt> -- Omise's API Version (OPTIONAL), default version is '2014-07-27'
+      #                            See version at page https://dashboard.omise.co/api-version/edit
 
       def initialize(options={})
         requires!(options, :public_key, :secret_key)

data/lib/active_merchant/billing/gateways/openpay.rb

@@ -52,6 +52,13 @@ module ActiveMerchant #:nodoc:
         commit(:post, "charges/#{CGI.escape(identification)}/refund", post, options)
       end
 
+      def verify(credit_card, options = {})
+        MultiResponse.run(:use_first_response) do |r|
+          r.process { authorize(100, credit_card, options) }
+          r.process(:ignore_result) { void(r.authorization, options) }
+        end
+      end
+
       def store(creditcard, options = {})
         card_params = {}
         add_creditcard(card_params, creditcard, options)
@@ -105,6 +112,8 @@ module ActiveMerchant #:nodoc:
         post[:description] = options[:description]
         post[:order_id] = options[:order_id]
         post[:device_session_id] = options[:device_session_id]
+        post[:currency] = (options[:currency] || currency(money)).upcase
+        post[:use_card_points] = options[:use_card_points] if options[:use_card_points]
         add_creditcard(post, creditcard, options)
         post
       end
@@ -143,7 +152,7 @@ module ActiveMerchant #:nodoc:
       def headers(options = {})
         {
           "Content-Type" => "application/json",
-          "Authorization" => "Basic " + Base64.encode64(@api_key.to_s + ":").strip,
+          "Authorization" => "Basic " + Base64.strict_encode64(@api_key.to_s + ":").strip,
           "User-Agent" => "Openpay/v1 ActiveMerchantBindings/#{ActiveMerchant::VERSION}",
           "X-Openpay-Client-User-Agent" => user_agent
         }

data/lib/active_merchant/billing/gateways/opp.rb

@@ -0,0 +1,362 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class OppGateway < Gateway
+# = Open Payment Platform
+    #
+    #  The Open Payment Platform includes a powerful omni-channel transaction processing API, 
+    #   enabling you to quickly and flexibly build new applications and services on the platform. 
+    #   
+    #   This plugin enables connectivity to the Open Payment Platform for activemerchant. 
+    #
+    # For any questions or comments please contact support@payon.com
+    #
+    # == Usage
+    #
+    #   gateway = ActiveMerchant::Billing::OppGateway.new(
+    #      user_id: 'merchant user id', 
+    #      password: 'password',
+    #      entity_id: 'entity id', 
+    #   )
+    #
+    #   # set up credit card object as in main ActiveMerchant example
+    #   creditcard = ActiveMerchant::Billing::CreditCard.new(
+   #     :type       => 'visa',
+    #     :number     => '4242424242424242',
+    #     :month      => 8,
+    #     :year       => 2009,
+    #     :first_name => 'Bob',
+    #     :last_name  => 'Bobsen'
+    #     :verification_value: '123')
+    #
+    #   # Request: complete example, including address, billing address, shipping address
+    #    complete_request_options = {
+    #      order_id: "your merchant/shop order id", # alternative is to set merchantInvoiceId 
+    #      merchant_transaction_id: "your merchant/shop transaction id",
+    #      address: address,
+    #      description: 'Store Purchase - Books',
+    #      risk_workflow: false,
+    #      test_mode: 'EXTERNAL' # or 'INTERNAL', valid only for test system
+    #      create_registration: false, # payment details will be stored on the server an latter can be referenced
+    #
+    #     billing_address: {
+    #        address1: '123 Test Street',
+    #        city:     'Test',
+    #        state:    'TE',
+    #        zip:      'AB12CD',
+    #        country:  'GB',
+    #      },
+    #      shipping_address: {
+    #        name:     'Muton DeMicelis',
+    #        address1: 'My Street On Upiter, Apt 3.14/2.78',
+    #        city:     'Munich',
+    #        state:    'Bov',
+    #        zip:      '81675',
+    #        country:  'DE',
+    #      },
+    #      customer: {
+    #        merchant_customer_id:  "your merchant/customer id",
+    #        givenname:  'Jane',
+    #        surname:  'Jones',
+    #        birth_date:  '1965-05-01',
+    #        phone:  '(?!?)555-5555',
+    #        mobile:  '(?!?)234-23423',
+    #        email:  'jane@jones.com',
+    #        company_name:  'JJ Ltd.',
+    #        identification_doctype:  'PASSPORT',
+    #        identification_docid:  'FakeID2342431234123',
+    #        ip:  101.102.103.104,
+    #      },
+    #    }
+    #    
+    #    # Request: minimal example
+    #    minimal_request_options = {
+    #      order_id: "your merchant/shop order id", # alternative is to set merchantInvoiceId 
+    #      description: 'Store Purchase - Books',
+    #    }
+    #
+    #   options = 
+    #   # run request
+    #   response = gateway.purchase(754, creditcard, options) # charge 7,54 EUR
+    #
+    #   response.success?                   # Check whether the transaction was successful
+    #   response.error_code                 # Retrieve the error message - it's mapped to Gateway::STANDARD_ERROR_CODE 
+    #   response.message                    # Retrieve the message returned by opp
+    #   response.authorization              # Retrieve the unique transaction ID returned by opp
+    #   response.params['result']['code']   # Retrieve original return code returned by opp server
+    #
+    # == Errors
+    #   If transaction is not successful, response.error_code contains mapped to Gateway::STANDARD_ERROR_CODE error message. 
+    #   Complete list of opp error codes can be viewed on https://docs.oppwa.com/ 
+    #   Because this list is much bigger than Gateway::STANDARD_ERROR_CODE, only fraction is mapped to Gateway::STANDARD_ERROR_CODE. 
+    #   All other codes are mapped as Gateway::STANDARD_ERROR_CODE[:processing_error], so if this is the case, 
+    #   you may check the original result code from OPP that can be found in response.params['result']['code']
+    #       
+    # == Special features
+    #   For purchase method risk check can be forced when options[:risk_workflow] = true 
+    #   This will split (on OPP server side) the transaction into two separate transactions: authorize and capture, 
+    #   but capture will be executed only if risk checks are successful.   
+    #
+    #   For testing you may use the test account details listed fixtures.yml under opp. It is important to note that there are two test modes available:
+    #     options[:test_mode]='EXTERNAL' causes test transactions to be forwarded to the processor's test system for 'end-to-end' testing
+    #     options[:test_mode]='INTERNAL' causes transactions to be sent to opp simulators, which is useful when switching to the live endpoint for connectivity testing.
+    #   If no test_mode parameter is sent, test_mode=INTERNAL is the default behaviour.
+    #
+    #   Billing Address, Shipping Address, Custom Parameters are supported as described under https://docs.oppwa.com/parameters
+    #   See complete example above for details. 
+    #
+    #   == Tokenization
+    #  When create_registration is set to true, the payment details will be stored and a token will be returned in registrationId response field, 
+    #  which can subsequently be used to reference the stored payment.
+
+      self.test_url = 'https://test.oppwa.com/v1/payments'
+      self.live_url = 'https://oppwa.com/v1/payments'
+
+      self.supported_countries = %w(AD AI AG AR AU AT BS BB BE BZ BM BR BN BG CA HR CY CZ DK DM EE FI FR DE GR GD GY HK HU IS IN IL IT JP LV LI LT LU MY MT MX MC MS NL PA PL PT KN LC MF VC SM SG SK SI ZA ES SR SE CH TR GB US UY)
+      self.default_currency = 'EUR'
+      self.supported_cardtypes = [:visa, :master, :american_express, :diners_club, :discover, :jcb, :maestro, :dankort] 
+
+      self.homepage_url = 'https://docs.oppwa.com'
+      self.display_name = 'Open Payment Platform'
+
+      def initialize(options={})
+        requires!(options, :user_id, :password, :entity_id)
+        super
+      end
+
+      def purchase(money, payment, options={})
+        # debit
+        execute_dbpa(options[:risk_workflow] ? 'PA.CP': 'DB', 
+          money, payment, options)
+      end
+
+      def authorize(money, payment, options={})
+        # preauthorization PA
+        execute_dbpa('PA', money, payment, options)
+      end
+      
+      def capture(money, authorization, options={})
+        # capture CP
+        execute_referencing('CP', money, authorization, options)
+      end
+
+      def refund(money, authorization, options={})
+        # refund RF
+        execute_referencing('RF', money, authorization, options)
+      end
+
+      def void(authorization, options={})
+        # reversal RV
+        execute_referencing('RV', nil, authorization, options)
+      end
+
+      def verify(credit_card, options={})
+        MultiResponse.run(:use_first_response) do |r|
+          r.process { authorize(100, credit_card, options) }
+          r.process(:ignore_result) { void(r.authorization, options) }
+        end
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((authentication\.password=)\w+), '\1[FILTERED]').
+          gsub(%r((authentication\.userId=)\w+), '\1[FILTERED]').
+          gsub(%r((authentication\.entityId=)\w+), '\1[FILTERED]').
+          gsub(%r((card\.number=)\d+), '\1[FILTERED]').
+          gsub(%r((card\.cvv=)\d+), '\1[FILTERED]')
+      end
+
+      private
+
+      def execute_dbpa(txtype, money, payment, options)
+        post = {}
+        post[:paymentType] = txtype 
+        add_invoice(post, money, options)
+        add_payment_method(post, payment, options)
+        add_address(post, options)
+        add_customer_data(post, options)
+        add_options(post, options)
+        commit(post, nil, options)
+      end
+
+      def execute_referencing(txtype, money, authorization, options)
+        post = {}
+        post[:paymentType] = txtype
+        add_invoice(post, money, options)
+        commit(post, authorization, options)
+      end
+
+      def add_authentication(post) 
+          post[:authentication] = { entityId: @options[:entity_id], password: @options[:password], userId: @options[:user_id]} 
+      end
+
+      def add_customer_data(post, options)
+        if options[:customer]
+          post[:customer] = {
+            merchantCustomerId:  options[:customer][:merchant_customer_id],
+            givenName:  options[:customer][:givenname],
+            surname:  options[:customer][:surname],
+            birthDate:  options[:customer][:birth_date],
+            phone:  options[:customer][:phone],
+            mobile:  options[:customer][:mobile],
+            email:  options[:customer][:email],
+            companyName:  options[:customer][:company_name],
+            identificationDocType:  options[:customer][:identification_doctype],
+            identificationDocId:  options[:customer][:identification_docid],
+            ip:  options[:customer][:ip],
+          }
+        end
+      end
+
+      def add_address(post, options)
+        if billing_address = options[:billing_address]
+          address(post, billing_address, 'billing')
+        end
+        if shipping_address = options[:shipping_address]
+          address(post, billing_address, 'shipping')
+          if shipping_address[:name]
+            firstname, lastname = shipping_address[:name].split(' ') 
+            post[:shipping] = { givenName: firstname, surname: lastname }          
+          end 
+        end
+      end
+
+      def address(post, address, prefix)
+          post[prefix] = {
+            street1: address[:address1],
+            street2: address[:address2],
+            city: address[:city],
+            state: address[:state],
+            postcode: address[:zip],
+            country: address[:country],
+          } 
+      end
+
+      def add_invoice(post, money, options)
+          post[:amount] = amount(money)
+          post[:currency] = (currency(money) || @options[:currency]) if 'RV'!=(post[:paymentType])
+          post[:descriptor] = options[:description] || options[:descriptor]  
+          post[:merchantInvoiceId] = options[:merchantInvoiceId] || options[:order_id] 
+          post[:merchantTransactionId] = options[:merchant_transaction_id]  
+      end
+
+      def add_payment_method(post, payment, options)
+          if options[:registrationId]
+            #post[:recurringType] = 'REPEATED'
+            post[:card] = {
+              cvv: payment.verification_value,
+            }
+          else
+            post[:paymentBrand] = payment.brand.upcase
+            post[:card] = {
+              holder: payment.name,
+              number: payment.number,
+              expiryMonth: "%02d" % payment.month,
+              expiryYear: payment.year,
+              cvv: payment.verification_value,
+            }
+          end
+      end
+
+      def add_options(post, options)
+        post[:createRegistration] = options[:create_registration] if options[:create_registration] && !options[:registrationId]
+        post[:testMode] = options[:test_mode] if test? && options[:test_mode]
+        options.each {|key, value| post[key] = value if key.to_s.match('customParameters\[[a-zA-Z0-9\._]{3,64}\]') }
+        post['customParameters[SHOPPER_pluginId]'] = 'activemerchant'
+      end
+
+      def build_url(url, authorization, options)
+        if options[:registrationId]
+          "#{url.gsub(/payments/, 'registrations')}/#{options[:registrationId]}/payments"
+        elsif authorization  
+          "#{url}/#{authorization}"
+        else
+          url
+        end
+      end
+      
+      def commit(post, authorization, options)
+        url = (test? ? test_url : live_url)
+        add_authentication(post)
+        post = flatten_hash(post)
+
+        url = build_url(url, authorization, options)
+        raw_response = raw_ssl_request(:post, url, 
+            post.collect { |key, value| "#{key}=#{CGI.escape(value.to_s)}" }.join("&"), 
+            "Content-Type" => "application/x-www-form-urlencoded;charset=UTF-8")
+            
+        success = success_from(raw_response)
+        response = raw_response.body
+        begin 
+          response = JSON.parse(response)          
+        rescue JSON::ParserError
+          response = json_error(response)
+        end
+
+        Response.new(
+          success,
+          message_from(response),
+          response,
+          authorization: authorization_from(response),
+          test: test?,
+          error_code: success ? nil : error_code_from(response),
+        )
+      end
+
+      def success_from(raw_response)
+        raw_response.code.to_i.between?(200,299)  
+      end
+
+      def message_from(response)
+        response['result']['description']
+      end
+
+      def authorization_from(response)
+        response['id']
+      end
+
+      def error_code_from(response)
+          case response['result']['code']
+          when '100.100.101' 
+              Gateway::STANDARD_ERROR_CODE[:incorrect_number]
+          when '100.400.317' 
+              Gateway::STANDARD_ERROR_CODE[:invalid_number]
+          when '100.100.600', '100.100.601', '800.100.153', '800.100.192' 
+              Gateway::STANDARD_ERROR_CODE[:invalid_cvc]
+          when '100.100.303' 
+              Gateway::STANDARD_ERROR_CODE[:expired_card]
+          when '100.800.200', '100.800.201', '100.800.202', '800.800.202' 
+              Gateway::STANDARD_ERROR_CODE[:incorrect_zip]
+          when '100.400.000', '100.400.086', '100.400.305', '800.400.150' 
+              Gateway::STANDARD_ERROR_CODE[:incorrect_address]
+          when '800.100.159' 
+              Gateway::STANDARD_ERROR_CODE[:pickup_card]
+          when '800.100.151', '800.100.158', '800.100.160' 
+              Gateway::STANDARD_ERROR_CODE[:card_declined]
+            else
+              Gateway::STANDARD_ERROR_CODE[:processing_error]
+          end
+      end
+      
+      def json_error(raw_response)
+        message = "Invalid response received #{raw_response.inspect}"
+        { 'result' => {'description' => message, 'code' => 'unknown' } }
+      end
+      
+      def flatten_hash(hash)
+        hash.each_with_object({}) do |(k, v), h|
+          if v.is_a? Hash
+            flatten_hash(v).map do |h_k, h_v|
+              h["#{k}.#{h_k}".to_sym] = h_v
+            end
+          else 
+            h[k] = v
+          end
+         end
+      end      
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/orbital.rb

@@ -28,6 +28,8 @@ module ActiveMerchant #:nodoc:
     # Company will automatically be affiliated.
 
     class OrbitalGateway < Gateway
+      include Empty
+
       API_VERSION = "5.6"
 
       POST_HEADERS = {
@@ -82,7 +84,9 @@ module ActiveMerchant #:nodoc:
 
       CURRENCY_CODES = {
         "AUD" => '036',
+        "BRL" => '986',
         "CAD" => '124',
+        "CLP" => '152',
         "CZK" => '203',
         "DKK" => '208',
         "HKD" => '344',
@@ -101,7 +105,9 @@ module ActiveMerchant #:nodoc:
 
       CURRENCY_EXPONENTS = {
         "AUD" => '2',
+        "BRL" => '2',
         "CAD" => '2',
+        "CLP" => '2',
         "CZK" => '2',
         "DKK" => '2',
         "HKD" => '2',
@@ -175,7 +181,7 @@ module ActiveMerchant #:nodoc:
       USE_ORDER_ID         = 'O' #  Use OrderID field
       USE_COMMENTS         = 'D' #  Use Comments field
 
-      SENSITIVE_FIELDS = [:account_num]
+      SENSITIVE_FIELDS = [:account_num, :cc_account_num]
 
       def initialize(options = {})
         requires!(options, :merchant_id)
@@ -291,6 +297,19 @@ module ActiveMerchant #:nodoc:
         commit(order, :delete_customer_profile)
       end
 
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((<OrbitalConnectionUsername>).+(</OrbitalConnectionUsername>)), '\1[FILTERED]\2').
+          gsub(%r((<OrbitalConnectionPassword>).+(</OrbitalConnectionPassword>)), '\1[FILTERED]\2').
+          gsub(%r((<AccountNum>).+(</AccountNum>)), '\1[FILTERED]\2').
+          gsub(%r((<CardSecVal>).+(</CardSecVal>)), '\1[FILTERED]\2').
+          gsub(%r((<MerchantID>).+(</MerchantID>)), '\1[FILTERED]\2')
+      end
+
       private
 
       def authorization_string(*args)
@@ -328,7 +347,7 @@ module ActiveMerchant #:nodoc:
 
       def add_address(xml, creditcard, options)
         if(address = (options[:billing_address] || options[:address]))
-          avs_supported = AVS_SUPPORTED_COUNTRIES.include?(address[:country].to_s)
+          avs_supported = AVS_SUPPORTED_COUNTRIES.include?(address[:country].to_s) || empty?(address[:country])
 
           if avs_supported
             xml.tag! :AVSzip,      byte_limit(format_address_field(address[:zip]), 10)
@@ -338,9 +357,9 @@ module ActiveMerchant #:nodoc:
             xml.tag! :AVSstate,    byte_limit(format_address_field(address[:state]), 2)
             xml.tag! :AVSphoneNum, (address[:phone] ? address[:phone].scan(/\d/).join.to_s[0..13] : nil)
           end
-          # can't look in billing address?
+
           xml.tag! :AVSname, ((creditcard && creditcard.name) ? creditcard.name[0..29] : nil)
-          xml.tag! :AVScountryCode, (avs_supported ? address[:country] : '')
+          xml.tag! :AVScountryCode, (avs_supported ? (byte_limit(format_address_field(address[:country]), 2)) : '')
 
           # Needs to come after AVScountryCode
           add_destination_address(xml, address) if avs_supported
@@ -398,10 +417,12 @@ module ActiveMerchant #:nodoc:
         #   Do not submit the attribute at all.
         # - http://download.chasepaymentech.com/docs/orbital/orbital_gateway_xml_specification.pdf
         unless creditcard.nil?
-          if %w( visa discover ).include?(creditcard.brand)
-            xml.tag! :CardSecValInd, (creditcard.verification_value? ? '1' : '9')
+          if creditcard.verification_value?
+            if %w( visa discover ).include?(creditcard.brand)
+              xml.tag! :CardSecValInd, '1'
+            end
+            xml.tag! :CardSecVal,  creditcard.verification_value
           end
-          xml.tag! :CardSecVal,  creditcard.verification_value if creditcard.verification_value?
         end
       end