05-19-2011 03:07 PM
Our company would like to turn on the CCV Filter but before we do so, we want to understand how this will interact with saved payment profiles created using the CIM API. Our basic question is as follows:
If the CCV Filter is turned on, can new transactions be created with a saved CIM Payment Profile without sending the CCV or will these transactions be denied?
The following thread appears to be asking the same question but I have read and reread it several times and am unclear on the answer.
The major source of confusion for me is the following line in the createCustomerProfileTransactionRequest of the CIM API documentation (page 27):
"[cardCode] is required if the merchant would like to use the CCV security feature."
Is this sentance to be interperated as:
1) If the CCV filter is turned on, cardCode is required and needs to be sent with all createCustomerProfileTransactionRequest's otherwise the calls will fail.
2) If the CCV filter is turned on, you can send a call to createCustomerProfileTransactionRequest either with or without the cardCode field. If you do not send cardCode, the transaction can still succeed but Authorize.net won't run it through the CCV filter. If you do send the cardCode field, the transaction will only succeed if it passes the CCV filter.
I cannot simply turn on the feature and test as we have many live transaction going on every second and we cannot have transaction failing as a result.
Does anyone know if the answer to my question is to interperate the above sentence from the docs as option 1 or option 2? Appreciate any help that can be given.
05-25-2011 03:12 PM
First, it is important to know that Card Code Verification (like Address Verification) only actually occurs if a card code is submitted. Enabling the Card Code Verification filters will not affect transactions submitted without a card code.
Second, you need to understand that card codes will never be stored as a part of the customer's payment profile. Storing the card code in this manner would be a direct violation of PCI guidelines. When a card code is submitted with the request to create a customer payment profile, it is only used for the immediate profile verification transaction.
05-26-2011 02:32 PM - edited 05-26-2011 02:35 PM
In short, I believe the answer to your question is #2. If you send the code again, it will be used. If you don't send it, the transaction will not be rejected simply because you have the filter on.