I just tried to buy something using my company AmEx card and accidentally entered the wrong security code. (AmEx has their code on the front of the card, not on the back like my personal check card.)
Instead of a generic error message that told me the card was declined or couldn’t be accepted, I got this very specific error message that includes a detailed graphic. A graphic! What a pleasant failure message.
LBDGon 27 Jun 08
Very cool. I especially like the circles showing where the number is located, plus the crossed out circle on the gold card saying “not this number.”
Vladon 27 Jun 08
Seriously, between Mastercard, Discover, Visa, and American Express, I’m glad this error message is specific enough to really pin-point that code. Not only that, but every company also calls it something different too!
I also like the sites that while I enter the number, based on the first 4 it figures out what card I’m using and highlights a graphic of it. It’s not necessary, but it gives me that assurance that both the website knows what it’s doing and that I’m entering my number correctly.
Chris Smithon 27 Jun 08
You probably entered 3 digits instead of four.
If you’d have entered 4 digits, but the incorrect code, you would’ve received a declined message instead of the nice form validation.
Unfortunately, practically all card processors do not differentiate on the client end why a card is being rejected, except for some VERY generic errors that aren’t too usable for displaying purposes.
Still, it’s great form validation error display.
nickdon 27 Jun 08
That’s really smart. I just got an Amex recently and have been thrown off by the security code in the “wrong” place; on Discover, Visa, and MC they are all on the back near the signature…
mkbon 27 Jun 08
The only time I ever used an AMEX there was the CVV2 code on the front, PLUS another totally different code on the back that did not appear in the account number. I wonder if this is was AMEX Gift Card specific?
A common mistake...on 27 Jun 08
Being that 37signals is all about usability, something tells me you did this on purpose to see what would happen.
I’m only saying this because you run a site that does thousands upon thousands of credit card transactions? :)
SHon 27 Jun 08
“Being that 37signals is all about usability, something tells me you did this on purpose to see what would happen.”
No, I’m just human, and made a mistake. Imagine that!
David Andersenon 27 Jun 08
It is a good message and it wouldn’t even need to be so elaborate to be useful.
Contrast that with this one:
When you ‘click here’ you get this:
Then you get:
The best part? Not even the tech support people know why this is happening or what code generates it.
Now that is good stuff.
Jacek Becelaon 27 Jun 08
Good, old-school 37s post.
Chris Smithon 28 Jun 08
I work for an internet merchant (I’m the in-house techie/nerd/IT/web “developer”), so I know EXACTLY what you are referring to.
Most gateway providers have the ability to send back a status code to the terminal/application that gives at least a generic reason why it was declined (CVV mismatch, ZIP incorrect, address incorrect, NSF, etc.). However, most choose not to. It would be TOO easy to pass that value through and reference it to a list of codes and provide a plain English translation of WHY it was declined, yet no one wants to do it. It’s usually available in the merchant virtual terminal, but never available in the web APIs.
dusofton 28 Jun 08
Part of you is correct, but I think generic messages are offered for security reasons as well.
Chris Smithon 28 Jun 08
@dusoft That may be true, but revealing that information wouldn’t significantly increase fraudulent activity. Those people aren’t going to be phased by AVS.
David Andersenon 30 Jun 08
My error message isn’t specific to CC transactions (it’s for a piece of enterprise software) but nevertheless, I agree that it’s not particularly demanding to provide clear, meaningful error text.
Crystal Bradleyon 01 Jul 08
@Chris Smith Have you worked with Authorize.net? I ask because that is who we use for payment processing and I’m wondering if they are typical and don’t pass really useful information. Oh and I’m not the super techy person, just the project manager.
This discussion is closed.