I'm integrating PayPal payments in my Flutter app (Flutter 3.27.1) using a WebView (webview_flutter). I’ve migrated from the deprecated v1/payments/payment to the v2/checkout/orders API.
The issue is that when users enter an obviously invalid CVV (e.g., "123"), the transaction still succeeds and the PayPal order status is returned as COMPLETED, in both sandbox and live environments.
Integration Setup:Integration type: Custom WebView-based checkoutPayment method: CardPayPal API: V2 OrdersEnvironments: Sandbox & Live
I tested multiple card numbers with invalid CVVs to simulate incorrect entries. I ensured the WebView isn't bypassing any PayPal error handling and that the standard payment flow is followed.
Expected Behavior:If the CVV is incorrect, the payment should fail or at least not be marked as COMPLETED.
Main Question:Is there a way to enforce stricter CVV validation when using PayPal’s V2 Orders API?