Showing results for 
Search instead for 
Did you mean: 

Override CVV validation for CIM account



Here's is one feature I would really like to have: for customer accounts that we store in CIM, allow for charges to go through without CVV code.  At the moment, CVV validation is a global setting.  Either you have it for all or for none.  The ideal situation for us is to be able to check for CVV validity for new cards/accounts, but once we store that info in CIM we don't require CVV to process charges. 


The point of CIM is to make it easy for our customers to make subsequent transactions.  It takes away from this convenience if they still have to take their card out to look up their CVV on their subsequent transactions.


Can you (Authorize) please consider this feature?  Thank you.




I am just building the CIM solution now and running into the problem I described.   We are not using the accept solution yet but I don't see how that makes any difference here. 


I played around in the sandbox for hours yesterday trying to figure out how to make CVV required for normal online sales transactions, but not required when paying from a saved payment profile.


First of all, the createCustomerProfileTransaction API request seems to require the cardCode element no matter what, whether non matching CVV triggers a decline or not.  I changed my settings both ways on the account and either way, without a cardCode element, I get an error.  And a blank value also always returns an error.  And a space value returns some invalid data type error.


Further, from the merchant console, when I try to charge the card from the payment profile, it also requires CVV, even with all CVV filters turned off or set to accept txn even on mismatch.


So - what is the point of CIM?  If you can't save CVV due to PCI rules and have to get the card code from the customer for every transaction, you might as well have them also tell you the card number and everything else.  I guess it's only useful to present save cards to the customer on the payment page and let them enter just CVV to run the charge.  But the merchant cannot run a charge against a saved customer card without contacting them for the CVV I guess.   Do I have this right?  


The main objective of this project was to allow customers to pay large invoices in installments where they authorize us to run the payments on a schedule after customer enters all the card info for the initial payment (and then we save it in CIM).  So is there any way to do this without having to contact the customer again for the CVV which defeats the purpose?  It seems that even if CVV is not required for regular online transactions, the CIM transaction API still requires it.


Any advice greatly appreciated.  This is becoming a giant time sink for me here.





ok, I finally figured this out.


The problem was that in my settings for Payment Form / Form Fields, I had the CVV field set to required.


I found another post in the forums here which explained that this setting applies not just to the hosted payment form but to API's as well.


So after unchecking the required checkbox, I was able to submit a transaction to charge a payment profile WITHOUT including CCV code, even though my CCV filters are on and I have the Does Not Match (N) result set to DECLINE.


The transaction was approved with cvvResultCode = P, which means NOT PROCESSED.  I do have my filters set to allow reslut code P.


So it looks like I can accomplish what I want here - to require security codes for some transactions and not others.  Whew!  That took 4 days of research to figure out.  I hope this post will save some time.