topic Re: Mandatory CVV (Visa requirement) and use of customer profiles in Integration and Testing

Mandatory CVV (Visa requirement) and use of customer profiles

kecommerce — Tue, 17 Jul 2018 19:11:34 GMT

Hello,

I would like to have more information about how Visa's requirement to pass the CVV for each transaction will be implemented with customer profiles.

Could customer profiles be created without providing the CVV?

If yes, if we have existing customer profiles without a CVV, would transactions fail when the mandatory CVV rule is effective in October?

Thank you!

Re: Mandatory CVV (Visa requirement) and use of customer profiles

vladimir — Wed, 18 Jul 2018 20:17:45 GMT

Hi,

To help us answer your question, please clarify which specific Visa rule you are referring to. Do you have a document or web page link you can share?

Thank you.

Re: Mandatory CVV (Visa requirement) and use of customer profiles

kecommerce — Wed, 18 Jul 2018 20:27:48 GMT

Hello,

I am referring to the requirement to use the CVV for all e-commerce transactions. This requirement only applied to new merchants last yeat but will apply to all merchants on October 13, 2018.

Here is a link to a brochure from Visa regarding this requirement:

https://www.moneris.com/~/media/Files/2017/visa-security-mandates/Expanded-CVV2-One-pager.pdf

Best regards

Re: Mandatory CVV (Visa requirement) and use of customer profiles

vladimir — Fri, 20 Jul 2018 19:17:47 GMT

Thanks for providing the reference. Just to make sure we're on the same page, this Visa rule applies to the Canada region only.

Answers to your questions:

Q. Could customer profiles be created without providing the CVV?

A. Yes. The CVV (referred to as 'cardCode' field in our API) is optional when creating a customer profile. If passed in, the cardCode field is only used for validation and is not stored in the customer profile. It should only be used when submitting validationMode with a value of testMode or liveMode.

Please refer to the API documentation for additional detail:

https://developer.authorize.net/api/reference/#customer-profiles-create-customer-profile

Q. If yes, if we have existing customer profiles without a CVV, would transactions fail when the mandatory CVV rule is effective in October?

A. No, not necessarily. Per Visa Rules section 10.12.2.2 Card Verification Value 2 (CVV2) Requirements – Canada Region:

"Effective 13 October 2018 for a Mail/Phone Order Merchant or Electronic Commerce Merchant

A Mail/Phone Order Merchant or Electronic Commerce Merchant must capture the CVV2 and include it in the Authorization Request.

This does not apply to:

* A Transaction that uses a Stored Credential

* Effective 14 April 2018

- A Transaction initiated with a payment Token"

You can find details on the rule in the latest Visa Core Rules document:

https://usa.visa.com/dam/VCOM/download/about-visa/visa-rules-public.pdf

Re: Mandatory CVV (Visa requirement) and use of customer profiles

kecommerce — Mon, 23 Jul 2018 13:38:47 GMT

Hello vladimir,

Thank you for these very clear answers!