Showing results for 
Search instead for 
Did you mean: 

NVP Name Without Value / CCV Fraud Filters

Hey all,

We've been in production with Authorize for about 4 months now, had our first "are we doing this right" problem over the weekend.  We attempted to process a transaction with no CCV supplied by the user (using the NVP API we passed an name value pair of "CVV2=") and because our CCV "S" fraud filter was enabled and the issuing card requires CCV the transaction was denied.  No big deal, understand why that happened, but left us with a couple of questions.


First, a general question:  when a value you're going to pass to the NVP API is actually blank (as it was in this instance with the CVV code) is it better to suppress the pair altogether?  Or does it not matter because the API will treat it as not supplied whether the name is there or not?


Second question about testing:  I've seen the article about passing specific numeric values as the CVV2 to invalidate a fraud filter (like 902 for an S), but to duplicate the scenario we saw (and try to prove for ourselves our first question) we need to be able to pass an empty CCV to trigger an S.  Is it possible to test this scenario in the sandbox, or is it not because of the needed involvement of the credit card network?





CVV filtering is based around card fields only. There is, for all intents and purposes, no "name on the card" any more - just a billing address that includes a name - therefore name will have no impact on whether the card goes through or not. Address is of course a different matter if you're using AVS. Theoretically, you can charge credit cards with as little as amount, card number and expiration date - no other information at all.


As for your second question, there's probably an answer somewhere in the documentation, but why mess with that when you can conduct an empirical test? Turn on S and P and run your credit card through. If it triggers an error, it works properly in sandbox mode; if it doesn't, you probably need to save that one for when you go live.


Note, incidently, that you can prevent inadvertent submissions missing CVV by doing something like this in your form tag:

onsubmit="if (this.x_card_code.value == '') { window.alert('A card code is required.'); return false; }"