Braintree DropInUI gateway rejection card verification not failing when creating customer (PHP)

Question

I have the following code for my (sandbox) checkout: (I have omitted the initial variable declarations for brevity)

require_once("braintree/braintree_init.php");

$nonceFromTheClient = 'fake-gateway-rejected-fraud-nonce';  

$result = Braintree_Customer::create([
    'id' => $userId,
    'firstName' => $firstName,
    'lastName' => $lastName,
    'email' => $email,
    'paymentMethodNonce' => $nonceFromTheClient,
    'creditCard' => [
        'billingAddress' => [
            'streetAddress' => $billingAddress,
            'locality' => $billingCity,
            'region' => $billingState,
            'postalCode' => $billingZip
        ]
    ]
]);

if ($result->success) {
    echo "create: success";
    $token = $result->customer->paymentMethods[0]->token;
} else {
    echo "create: fail";
    foreach($result->errors->deepAll() AS $error) {
        echo($error->code . ": " . $error->message . "\n");
    }
    $verification = $result->creditCardVerification;
    echo $verification->status;
    echo $verification->processorResponseCode;
    echo $verification->processorResponseText;
    echo $verification->gatewayRejectionReason;
    $verificationError = "There was a problem processing your credit card; please double check your payment information and try again.";
    return false;
}

$result = Braintree_Subscription::create([
    'paymentMethodToken' => $token,
    'planId' => $subId
]);

if ($result->success) {
    $subscriptionId = $result->subscription->id;
    header("Location:  transaction.php?i=".$subscriptionId."");
} else {
    foreach($result->errors->deepAll() AS $error) {
        echo($error->code . ": " . $error->message . "\n");
    }
}

I'm trying to get the card verification to fail. I have verification enabled for all cards in the Control Panel. When I use the provided $nonceFromTheClient = 'fake-gateway-rejected-fraud-nonce', the customer creation is still successful.

If I use a card number 4000111111111115 from the Unsuccessful credit card verification list, it is still successful, although admittedly I am not clear what nonce should be used with the card number.

If I use 'fake-processor-declined-visa-nonce' it fails (as expected).

So I'm not sure why the card verification is still successful for the first two attempts?

Answer 1

_{Full disclosure: I work at Braintree. If you have any further questions, feel free to contact our support team .}

Credit cards are not verified by default when being vaulted in our gateway. You must set the verifyCard option to true in order to have the card verified.

$result = Braintree_Customer::create([
    'firstName' => 'Fred',
    'lastName' => 'Jones',
    'creditCard' => [
        'paymentMethodNonce' => nonceFromTheClient,
        'options' => [
            'verifyCard' => true
        ]
    ]
]);

The testing section of our docs further elaborates on the use of our fake test nonces.