Reply
Member
Posts: 7
Registered: ‎11-30-2017
Accepted Solution

Mandatory CVV (Visa requirement) and use of customer profiles

Hello,

 

I would like to have more information about how Visa's requirement to pass the CVV for each transaction will be implemented with customer profiles.

 

Could customer profiles be created without providing the CVV?

If yes, if we have existing customer profiles without a CVV, would transactions fail when the mandatory CVV rule is effective in October?

 

Thank you!


Accepted Solutions
Solution
Accepted by topic author kecommerce
‎07-23-2018 06:37 AM
Authorize.Net Developer
Posts: 11
Registered: ‎12-05-2017

Re: Mandatory CVV (Visa requirement) and use of customer profiles

 

Thanks for providing the reference. Just to make sure we're on the same page, this Visa rule applies to the Canada region only.

 

Answers to your questions:

 

Q. Could customer profiles be created without providing the CVV?


A. Yes. The CVV (referred to as 'cardCode' field in our API) is optional when creating a customer profile. If passed in, the cardCode field is only used for validation and is not stored in the customer profile. It should only be used when submitting validationMode with a value of testMode or liveMode. 

 

Please refer to the API documentation for additional detail:

https://developer.authorize.net/api/reference/#customer-profiles-create-customer-profile

 

 

Q. If yes, if we have existing customer profiles without a CVV, would transactions fail when the mandatory CVV rule is effective in October?

 

A. No, not necessarily. Per Visa Rules section 10.12.2.2 Card Verification Value 2 (CVV2) Requirements – Canada Region:

 

"Effective 13 October 2018 for a Mail/Phone Order Merchant or Electronic Commerce Merchant

 

A Mail/Phone Order Merchant or Electronic Commerce Merchant must capture the CVV2 and include it in the Authorization Request.

 

This does not apply to:

* A Transaction that uses a Stored Credential

* Effective 14 April 2018

   - A Transaction initiated with a payment Token"

 

You can find details on the rule in the latest Visa Core Rules document:

https://usa.visa.com/dam/VCOM/download/about-visa/visa-rules-public.pdf 

 

 

 

View solution in original post


All Replies
Authorize.Net Developer
Posts: 11
Registered: ‎12-05-2017

Re: Mandatory CVV (Visa requirement) and use of customer profiles

Hi,

 

To help us answer your question, please clarify which specific Visa rule you are referring to. Do you have a document or web page link you can share?

 

Thank you.

 

 

Member
Posts: 7
Registered: ‎11-30-2017

Re: Mandatory CVV (Visa requirement) and use of customer profiles

Hello,

 

I am referring to the requirement to use the CVV for all e-commerce transactions. This requirement only applied to new merchants last yeat but will apply to all merchants on October 13, 2018.

 

Here is a link to a brochure from Visa regarding this requirement:

 

https://www.moneris.com/~/media/Files/2017/visa-security-mandates/Expanded-CVV2-One-pager.pdf

 

Best regards

Solution
Accepted by topic author kecommerce
‎07-23-2018 06:37 AM
Authorize.Net Developer
Posts: 11
Registered: ‎12-05-2017

Re: Mandatory CVV (Visa requirement) and use of customer profiles

 

Thanks for providing the reference. Just to make sure we're on the same page, this Visa rule applies to the Canada region only.

 

Answers to your questions:

 

Q. Could customer profiles be created without providing the CVV?


A. Yes. The CVV (referred to as 'cardCode' field in our API) is optional when creating a customer profile. If passed in, the cardCode field is only used for validation and is not stored in the customer profile. It should only be used when submitting validationMode with a value of testMode or liveMode. 

 

Please refer to the API documentation for additional detail:

https://developer.authorize.net/api/reference/#customer-profiles-create-customer-profile

 

 

Q. If yes, if we have existing customer profiles without a CVV, would transactions fail when the mandatory CVV rule is effective in October?

 

A. No, not necessarily. Per Visa Rules section 10.12.2.2 Card Verification Value 2 (CVV2) Requirements – Canada Region:

 

"Effective 13 October 2018 for a Mail/Phone Order Merchant or Electronic Commerce Merchant

 

A Mail/Phone Order Merchant or Electronic Commerce Merchant must capture the CVV2 and include it in the Authorization Request.

 

This does not apply to:

* A Transaction that uses a Stored Credential

* Effective 14 April 2018

   - A Transaction initiated with a payment Token"

 

You can find details on the rule in the latest Visa Core Rules document:

https://usa.visa.com/dam/VCOM/download/about-visa/visa-rules-public.pdf 

 

 

 

Member
Posts: 7
Registered: ‎11-30-2017

Re: Mandatory CVV (Visa requirement) and use of customer profiles

Hello vladimir,

 

Thank you for these very clear answers!