Error #12002. Processor Decline. This transaction cannot be processed due to either missing, incomplete or invalid 3-D Secure authentication values

We’re getting 100s of reports from customers who are unable to pay via s2member direct card payment (using PayPal as the gateway). The number of reports are growing daily.

We’re using the latest version of s2member:

Version 210526 + s2Member Pro v210526

The returned error is:

Error #12002. Processor Decline. This transaction cannot be processed due to either missing, incomplete or invalid 3-D Secure authentication values.

This started off with Lloyds cards but now more and more banks and card issuers are being added to the list.

I can’t find anything relevant in s2member’s documentation or on the forum and nothing PayPal’s end as to how to fix this and Google isn’t throwing up any answers either.

I wonder if it’s related to Strong Customer Authentication (SCA) being rolled out across the UK - https://www.fca.org.uk/consumers/strong-customer-authentication?

PayPal account subscriptions are unaffected, this is only people using their card directly using an s2member form.

The extended log files don’t shed any light on the issue beyond that being the error and error code returned from PayPal.

Is this a recent problem? The article you linked to says the SCA changes were implemented last September, so it’s unlikely to be the issue.

Yes it’s recent, roughly from the start of February 2022 but increasing in number of reports daily.

I believe SCA has been slowly rolling out from around that date but is now becoming mandatory with each card issuer adopting a strict policy…

https://www.ukfinance.org.uk/press/press-releases/deadline-implement-strong-customer-authentication-fast-approaching

Retailers with an online presence need to ensure they fully support Strong Customer Authentication (SCA) by 14 March 2022 or risk customer purchases being declined.

Interesting. It could be the problem, but it does say that card issuers will begin declining transactions on Jan 18, and so far there has been no other mention of it on here.

I would think that if SCA is the cause, Google would have lots of reports of issues, especially from small sites that don’t know how to implement the necessary changes.

I would also like to believe that PayPal would contact me to inform of something like this if it was going to prevent me from receiving payments, but I’ve heard nothing.

I have not received any complaints about declined payments, but most of my customers are in the US so maybe I’m not affected? This would be a good time for Cristian (the developer) to pop in with a comment.

Thank you for your comments.

Yep exactly my thinking, if this was more widespread then I’d expect Google and these forums to be lit up with that error code and/or mentions of ‘3-D Secure errors’.

There must be plenty of people using s2member and PayPal to accept ‘direct card payments’ within the UK using PayPal Pro-Forms.

Would be really good if I could receive confirmation please from the dev that s2member is using correct/current APIs for PayPal RE the above so I can switch my attention elsewhere as to what on earth is going on.

Thank you.

You also mentioned that PayPal offers nothing on how to fix your issue, which further adds to my belief that it’s not related to SCA. But yes, it would certainly help if Cristian would respond.

Sorry, me again. I was just reading about 3D Secure Authentication on PayPal’s website.

Whether or not any changes need to be made with s2Member seems to depend on whether s2Member uses a Hosted or Direct version of PayPal Pro. If PayPal Pro is hosted on the site (which I think it is when you use s2Member Pro), there are no changes that need to be made because PayPal takes care of it on their end.

If PayPal Pro is not hosted on your site, then a change needs to be made. So the question then is whether or not s2Member Pro hosts PayPal Pro directly on your site. I don’t know the answer to that.

Cristian, please could you comment on the above? Thank you.

Secondary question would be, has this been done within s2member then:

Screenshot 2022-03-09 at 10-34-42 PayPal PSD2 - Two Factor Authentication PayPal UK.png1102×519 85 KB

Just found this which I’m going through now: New European regulation for online payments with Stripe

Call with PayPal confirms PayPal Pro as a product isn’t (and never will be) compliant. Only solution is to switch to PayPal Checkout for a compliant solution. Absolute/hard deadline of 31 March 2022 to do this.

Although I’m not sure Modifications are compatible with Express Checkout, which our site relies upon. So confused!

Note regarding ‘Hosted Solution’: s2Member Pro does NOT support PayPal Payments Pro as a ‘Hosted Solution’, which is a separate PayPal product with its own API. The Hosted Solution is designed to allow you to accept credit card payments on PayPal’s website, not on your website using something like s2Member Pro. If you signup for PayPal Payments Pro (not the Hosted Solution variation), that will work just fine with s2Member Pro.

I don’t think there is an easy solution here as Cristian has not been heard from in months. I’ve sent him numerous messages with no replies. He should have known about these changes a long time ago. Maybe someone else here knows how to make the necessary changes to s2Member?

That explains why your recurring subscription payments have not been affected. According to the info on Stripe’s website, SCA only applies to “customer-initiated” transactions (like when someone signs up for the first time using the PayPal Pro forms). But it does not apply to recurring subscription payments which are considered “merchant-initiated” transactions.

SCA also only applies to transactions where both the business and the customer’s bank are in Europe, which explains why those of us living elsewhere are not being affected (yet!).

Were you able to figure anything out? I noticed in that other post you linked to that Cristian released an SCA-compatible version of s2Member in Sep. 2019, and there have been newer releases since then. But maybe it’s only compatible with Stripe, not PayPal?

Odd that there is still no one else reporting the issue.

Not figured out a sensible fix yet, no. Only some contingency plans so far.

Terrible timing as next week is going to be our site’s busiest time of the year by a long way and heavily promoted on socials and mailshots. I’m expecting 1000s of failed transactions and an equal number of customer service contacts.

I too noticed the acknowledgment by s2memeber of SCA back in 2019 but can only see Stripe being made compliant within s2member, was really hoping I was missing something.

Yes I’ve come across similar wording in places - as long as a recurring payment subscription doesn’t change amount or frequency it’s only the first customer-initiated payment that’ll be subject to SCA and the rest treated as automated.

My own UK based bank contacted me last night telling me to expect failed transactions as of Monday 14 March and if/when that happens to go badger the merchant to tell them they’re not compliant.

Another problem is that we rely heavily on up selling customers from one package to another and/or other incentives like a discount if you switch from a monthly to annual plan. All of this will trigger SCA for non-PayPal account subscriptions. This isn’t going to be pretty.

I just can’t believe no one else is here reporting the issue. You can’t be the only s2Member user in the UK using PayPal.

Unfortunately, since development on s2Member seems to have stopped, I think the only solution would be to either switch to Stripe or to a different plugin. I’ve been considering making the switch to Memberpress but the thought of making big changes to my site makes me ill. However, if I’m left with no choice, I’ll have to do it.

That’s concerning. Is there anyone running the ship or has s2member been abandoned?

I have been looking for an alternative to s2members, since it seems to have been abandoned.

Restrict content pro seems to be quite similar, not too expensive and they roll out new versions from time to time. What do you think?