cancel
Showing results for 
Search instead for 
Did you mean: 

Mandatory CVV (Visa requirement) and use of customer profiles

Hello,

 

I would like to have more information about how Visa's requirement to pass the CVV for each transaction will be implemented with customer profiles.

 

Could customer profiles be created without providing the CVV?

If yes, if we have existing customer profiles without a CVV, would transactions fail when the mandatory CVV rule is effective in October?

 

Thank you!

kecommerce
Member
1 ACCEPTED SOLUTION

Accepted Solutions

 

Thanks for providing the reference. Just to make sure we're on the same page, this Visa rule applies to the Canada region only.

 

Answers to your questions:

 

Q. Could customer profiles be created without providing the CVV?


A. Yes. The CVV (referred to as 'cardCode' field in our API) is optional when creating a customer profile. If passed in, the cardCode field is only used for validation and is not stored in the customer profile. It should only be used when submitting validationMode with a value of testMode or liveMode. 

 

Please refer to the API documentation for additional detail:

https://developer.authorize.net/api/reference/#customer-profiles-create-customer-profile

 

 

Q. If yes, if we have existing customer profiles without a CVV, would transactions fail when the mandatory CVV rule is effective in October?

 

A. No, not necessarily. Per Visa Rules section 10.12.2.2 Card Verification Value 2 (CVV2) Requirements – Canada Region:

 

"Effective 13 October 2018 for a Mail/Phone Order Merchant or Electronic Commerce Merchant

 

A Mail/Phone Order Merchant or Electronic Commerce Merchant must capture the CVV2 and include it in the Authorization Request.

 

This does not apply to:

* A Transaction that uses a Stored Credential

* Effective 14 April 2018

   - A Transaction initiated with a payment Token"

 

You can find details on the rule in the latest Visa Core Rules document:

https://usa.visa.com/dam/VCOM/download/about-visa/visa-rules-public.pdf 

 

 

 

View solution in original post

vladimir
Authorize.Net Developer Authorize.Net Developer
Authorize.Net Developer
4 REPLIES 4

Hi,

 

To help us answer your question, please clarify which specific Visa rule you are referring to. Do you have a document or web page link you can share?

 

Thank you.

 

 

vladimir
Authorize.Net Developer Authorize.Net Developer
Authorize.Net Developer

Hello,

 

I am referring to the requirement to use the CVV for all e-commerce transactions. This requirement only applied to new merchants last yeat but will apply to all merchants on October 13, 2018.

 

Here is a link to a brochure from Visa regarding this requirement:

 

https://www.moneris.com/~/media/Files/2017/visa-security-mandates/Expanded-CVV2-One-pager.pdf

 

Best regards

 

Thanks for providing the reference. Just to make sure we're on the same page, this Visa rule applies to the Canada region only.

 

Answers to your questions:

 

Q. Could customer profiles be created without providing the CVV?


A. Yes. The CVV (referred to as 'cardCode' field in our API) is optional when creating a customer profile. If passed in, the cardCode field is only used for validation and is not stored in the customer profile. It should only be used when submitting validationMode with a value of testMode or liveMode. 

 

Please refer to the API documentation for additional detail:

https://developer.authorize.net/api/reference/#customer-profiles-create-customer-profile

 

 

Q. If yes, if we have existing customer profiles without a CVV, would transactions fail when the mandatory CVV rule is effective in October?

 

A. No, not necessarily. Per Visa Rules section 10.12.2.2 Card Verification Value 2 (CVV2) Requirements – Canada Region:

 

"Effective 13 October 2018 for a Mail/Phone Order Merchant or Electronic Commerce Merchant

 

A Mail/Phone Order Merchant or Electronic Commerce Merchant must capture the CVV2 and include it in the Authorization Request.

 

This does not apply to:

* A Transaction that uses a Stored Credential

* Effective 14 April 2018

   - A Transaction initiated with a payment Token"

 

You can find details on the rule in the latest Visa Core Rules document:

https://usa.visa.com/dam/VCOM/download/about-visa/visa-rules-public.pdf 

 

 

 

vladimir
Authorize.Net Developer Authorize.Net Developer
Authorize.Net Developer

Hello vladimir,

 

Thank you for these very clear answers!