I have the same requirement.
We run lots of online card not present sales transactions and want CVV to be required to protect against fraud.
In our case, if customer chooses to save card info in CIM, we don't mind making them enter CVV again when charging to the saved card, althoug ideally, we would let them run charges without it.
But when a customer chooses a multiple payments option for an invoice, we want our merchant to be able to run the saved card, without knowing the CVV. So we'd like a way to send the transaction request with a flag to indicate that we want to skip the CVV check in that case.
This is similar to the caterer use case to allow the merchant to run the saved card to pay for a customer invoice.
So is there any way to do this short of saving the CVV codes in our own database, which defeats the purpose of CIM (for reduced PCI scope)?
Or does auth.net recommed we dump CIM and store all card info ourselves for such cases?
Or, can we flip it around and turn OFF CVV validation for the whole merchant account and then have an override to turn it back on for online end customer entered CNP transactions?