cancel
Showing results forย 
Search instead forย 
Did you mean:ย 

CCV Filter settings and CIM

When using CIM, there are several opportunities to provide the "card code" (or CVV, or CCV) value when making a request.  Most notably, you can send the card code when:

 

 

  • You're creating and storing a payment profile
  • You're creating a transaction (i.e. auth and caputure) against a stored payment profile
BUT, there is only one set of settings for the CCV Filter.
What if you want to validate the CCV when storing the payment profile, but not every time you run a transaction against the stored payment profile?  Is this use case supported?
As a merchant, I have the CCV when the payment profile is first created, but not later when I want to run transactions against it.  From the docs it would seem that, in order to enable and use the CCV Filter, a merchant would need to also submit the card code with every transaction request.

 

moklett
Contributor
18 REPLIES 18

Not so far, but I haven't experimented much with the CCV Filter because I was afraid of rejecting those transactions (based on the documentation).  I have a live environment that I can run some tests in - I'll post the results.  Thanks.

Would love to see the results!

 

Thank You!

I am also struggling with this issue. We upload CVV values to the CIM gateway only when creating a payment profile. After that, our customers will use their CIM profile to process any further transactions. We cannot ask our customers to re-input CVV values.

 

So am I correct that even when our Authnet account is set to reject bad/nonexistent CVV vales, we can create a CIM transaction without the CVV values... And as long as we have a valid payment profile, Authnet will accept the transaction request?

 

Or are we stuck requiring CVV values for ALL transactions, if our Authnet account is set to require them?

 

Thanks

Once you have a valid payment profile you do not need to ask the customer for any more information. You can use the existing payment profile as is. If that weren't the case then CIM would be almost useless.


-------------------------------------------------------------------------------------------------------------------------------------------
John Conde :: Certified Authorize.Net Developer (Brainyminds) :: Official Authorize.Net Blogger

NEW! Handling Authorize.Net's Webhooks with PHP

Integrate Every Authorize.Net JSON API with One PHP Class (Sample code included)

Tutorials for integrating Authorize.Net with PHP: AIM, ARB, CIM, Silent Post
All About Authorize.Net's Silent Post

Indeed - the whole point of CIM is to store all the information needed for future transactions.  Not only is the CVV not required when submitting a transaction using a payment profile, there is no way to provide it if you wanted to. 

 

If you somehow want to verify that the customer is the same customer who first entered the data, then you could update the payment profile with the CVV added and see if it still validates.

Steve
hotslots132
Regular Contributor
Regular Contributor

 


@hotslots132 wrote:

Indeed - the whole point of CIM is to store all the information needed for future transactions.  Not only is the CVV not required when submitting a transaction using a payment profile, there is no way to provide it if you wanted to. 

 

If you somehow want to verify that the customer is the same customer who first entered the data, then you could update the payment profile with the CVV added and see if it still validates.


 

 

Greetings,

 

I agree with "hotslots132" on  the purpose of CIM, however there is one flaw with the last statement. The ccv2 (card code) can be provided when charging the customer's credit card through the "createCustomerProfileTransaction" request.

 

Please see the facts below:

 

Question:
Is the CCV2 (card code) required when submitting "createCustomerProfileTransaction" types?
 

 

Answer:
Required only when the merchant would like to use the Card Code Verification (CCV) filter.

Reference:
Please see page 24 of 110 of the CIM XML GUIDE

 

 

 

 

 

 

You are absolutely correct - I had missed that the "card code" is an optional input to that.

Steve

Not a problem Steve,

 

It's definitely not a matter of right or wrong, just pointing out the facts. I hope you will do the same for me one day :)

 

Thank You!

 


@hotslots132 wrote:

You are absolutely correct - I had missed that the "card code" is an optional input to that.


 

 

Hi, John,

 

I am using a CIM hosted form, and I want to make sure customer validate their CCV before storing credit card to CIM backend.

 

To do this, I use โ€œsettingsโ€ -> โ€œpayment formโ€ -> โ€œform fieldsโ€, and โ€œrequiredโ€ for โ€œCard Codeโ€. I also select โ€œsettingsโ€ -> โ€œcard code verificationโ€, and set โ€œAllowโ€ for N,P,S,U (just to see if CCV can pass).

 

Now my hosted form will check CCV and validate, but when I use โ€œcreateCustomerProfileTransactionRequestโ€, it ask also for Card Code.

 

But I already validated using the hosted form, and I do not want to verify again. I mean, I do not want my customer to type in CCV every time he wants to purchase, but I want to validate the card the first time when using the hosted form.

 

I checked the thread, but cannot find an answer to this case.

 

How can I do this?