Cybersource Developer Community Cybersource Developer Community

swathi_sakthi · ‎10-30-2025

Hi,

We are seeing fraudulent transactions coming from customer accounts, where the customer tokens are compromised and purchases are made without their attention.

As an option, we are seeing if there is any way where we can mandate the customer to enter the CVN field alone and prepopulate the card information from the token we have already got from the secure acceptance page when the customer added the card details.

We want to give the Customer Token (9503910000139017) to secure acceptance or Microform and show the customer with their card details and ask just for the CVN alone so that a 0 dollar auth can be made for each transaction. We do not want the customer to enter the card details again for all the transactions.

We explored both the Flex Microform option and also sending "payment _token" directly to Secure Acceptance also and everywhere card number is mandated.

Chad7787 · ‎11-03-2025

Your current setup is standard, as Card Verification Number (CVN) is designed to verify the physical card, and most payment processors like Cybersource's Secure Acceptance mandate full card data or the token along with CVN for a zero-dollar authorization.
The challenge is that CVN cannot be stored due to PCI compliance, so requiring only CVN with a stored token isn't a natively supported flow by most payment gateways that require a full set of payment details CooMeet (token, expiry, CVN) for a new authorization.
You should explore leveraging Payer Authentication (3-D Secure) with your token, which is a strong method for verifying the customer's identity for stored cards and preventing fraud without requiring a CVN.

Cybersource Developer Community Cybersource Developer Community

Avoid Fraudulent Transactions - Ask customer to enter just CVN alone