Hello everybody,
not really sure whether this is the right place to ask this question - maybe I should post this to the merchants' support but I don't have any such access at the moment.
I've searched through the docs and through this forum but wasn't able to find what I'm looking for.
Here are the possible responses of a Card Code check, along with my lucubrations about them - consider that the payment form will display the Card Code field and that field will be mandatory, as the merchant asked me to implement it like this.
"N - The Card Code does not match"
Okay, the customer provided a Card Code that doesn't match the data in the issuer database, I shall refuse such transactions.
"P - The Card Code was not processed"
Really not sure what this means exactly and what to do about it.
"S - The Card Code was not indicated"
This should mean that the customer didn't enter the Card Code. Should never happen as I'm setting the Card Code field as mandatory.
"U - Card Code is not supported by the card issuer"
Again, as I'm setting the Card Code field as mandatory, this should not happen. Unless, I suppose, the customer simply enters random numbers in the Card Code field and Authorize.net simply discards it as the issuer does not support it. Since the merchant asked me to impose the Card Code in the purchase form I suppose I should simply set the filter to refuse transactions which return an "U" response.
So let's say I want to proceed with auth & capture only when the Card Code is supported by the issuer, is provided by the customer and matches, I set the Card Code fraud filter to:
refuse transactions with "N" response - as it doesn't match, and OK.
refuse transactions with "P" response? - as I expect it to be processed? not sure here...
refuse transactions with "S" response - even though this should never happen... whatever, I'm pretty sure this doesn't apply in any case as I'm setting the Card Code field as mandatory.
refuse transactions with "U" response? - in case somebody provides a made-up Card Code just to submit the form?
I'm asking moreover because I'm not able to test it with my sandbox account (I get a x_cvv2_resp_code == 'P' response whatever Card Code I try with the CC 4111111111111) or I simply don't know how to test it, which would be more likely :-)
A bit stumbling in the dark... any light will be more than welcome.
11-21-2011 06:29 AM
It will always be 'P' on a test account. Read the last half of the following blog for testing other CVV response.
11-21-2011 06:42 AM
Thanks for the reference, now I can test it but I'm still not sure about how I'll have to set the filter for the production account.
Will the P response be raised only by test transactions? If not, what does it means in a real transaction?
Can I safely assume that in the production account, setting this filter to refuse all transactions with either N, P, S or U responses, only cards which support CCV (and where the customer provides the correct CCV) will be processed?
11-21-2011 06:55 AM
Personally, I'd just leave it at the default setting of rejecting Do Not Match (N). The other categories are all the responsibility of Authorize.net and/or the card issuer and are highly unlikely to occur at the same time as someone trying to make a fraudulent charge, assuming you set a reasonably high minimum charge amount in your security settings. And they still have to get the card number and expiration date correct.
Incidently, I think the four categories are separate from one another - rejecting Do Not Match probably won't prevent Is Not Processed from going through, for instance. Can't check if there's a match if the card code isn't processed.
EDIT: Yes, if you check off all the options, only a valid card code will make it through.
11-21-2011 07:04 AM - edited 11-21-2011 07:05 AM
Will the P response be raised only by test transactions? If not, what does it means in a real transaction?
Not sure. But you said you want to reject it anyway.
Can I safely assume that in the production account, setting this filter to refuse all transactions with either N, P, S or U responses, only cards which support CCV (and where the customer provides the correct CCV) will be processed?
Yep, it will only accept if the CCV response is match(M).
11-21-2011 07:07 AM
Very good, thanks and kudos to both.
11-21-2011 07:17 AM