cancel
Showing results for 
Search instead for 
Did you mean: 

Recurring Billing Without CCV Code (AIM)

I would like to process recurring transaction using AIM. To remain PCI compliant, the storing of CCV codes is not allowed. However, in order to reduce fraud I would still like to use the Fraud Detection Suite's CCV handler on initial transactions. 

 

What I want to do is this. When a customer first signs up, they enter the CC details including the CCV code, and this transaction is run thorugh the Fraud Detection Suite and all CCV missmatches are declined. 

 

When my software processes a subsequent recurring charge on the credit card, however, the CCV code would not be present and we are not allowed to store such information. FOr this reason the recurring charge that is processed through AIM would not include a CCV code at all, but I would need it to not get declined by the Fraud Detection Suite that is set up to deny all payments with a CCV mistmatch. 

 

Is this possible? Is the only way to process recurring transaction via AIM to disable the CCV Fraud Detection completely?

voidix
Member
5 REPLIES 5

If all you want to check for fraud is CCV code, you could just look at the CCV response to decide if you want to void the transaction.

fields index 39

http://developer.authorize.net/guides/AIM/wwhelp/wwhimpl/js/html/wwhelp.htm#href=4_TransResponse.htm...

RaynorC1emen7
Expert

Yes I want to use CCV to check for fraud, but the problem is that I only want the Fraud Detection filters to apply to the initial transaction. All following recurring transactions would not include the CCV at all (because PCI compliance forbids the storing of CCV codes).

 

A customer signs up and enters their full credit card details, including CCV. The Fraud Detecton Suite is configured to declined all CCV mismatches. Once a transaction is completed successfully (verifying the CCV), the customer's credit card information is stored on my server and used for all future reecurring transactions via AIM. All of these following transactions would not include the CCV code, as the storing of this information breaks PCI compliance. They would not be necessary after the intial transaction, however, as the CCV code was already used to verify the legetimacy of the customer. 

 

I assume that all recurring billing is done this way (even authorize.net's ARB system). The questions is: is it possible to do this via a custom AIM setup? If I set up the Fraud Detection Suite, wont it just decline all future recurring transations when the CCV code is not present? Is it possible to apply CCV Fraud Detection to only the initial transaction, but have all recurring transactions not get declined by the lack of a CCV?

You can't. You have to code it to look at the response on the initial transaction.

How would I do that? Would I need to disable the Fraud Detection Suite, and then create an initial transaction of .01 to verify CCV via the response, and then charge the full transaction?

Disable the Fraud Detection CCV filter, run the AIM transaction with the full amount, check the response, if the CCV response is so and so, void the transaction.  You might not want to test it with a 0.01 transaction as it will be another transaction fee, but that your business decision.