cancel
Showing results for 
Search instead for 
Did you mean: 

Override CVV validation for CIM account

Hi,

 

Here's is one feature I would really like to have: for customer accounts that we store in CIM, allow for charges to go through without CVV code.  At the moment, CVV validation is a global setting.  Either you have it for all or for none.  The ideal situation for us is to be able to check for CVV validity for new cards/accounts, but once we store that info in CIM we don't require CVV to process charges. 

 

The point of CIM is to make it easy for our customers to make subsequent transactions.  It takes away from this convenience if they still have to take their card out to look up their CVV on their subsequent transactions.

 

Can you (Authorize) please consider this feature?  Thank you.

 

P

privateuly
Member
Member
11 REPLIES 11

I would like this as well. Makes no sense to require CVV after the initial check.

TJPride
Expert

Thank you privateuly and TJpride for your feedback.

 

I've passed your suggestion on to our product team for consideration in a future release.

 

Richard

RichardH
Administrator Administrator
Administrator

Thank you Richard.  Hope to see this feature in the product. 

Hi Richard,

 

This is a real problem for us - our platform allows caterers to use the CIM to process payments from regular customers.

 

However, if the caterer wants to use CVV for new/customers without saved cards then he needs to contact the Customer to obtain the CVV for the CIM transactions. This is impractical for high activity/low transaction values as well as an inconvenience to the customer.

 

Given this conversation was 3 years ago, I'm assuming you're not planning to change as per the suggestion, above?

 

Is there any way around this?

 

Hello @murraymcnicol

 

One possible solution is turning off requiring CVV in the Merchant Interfaceuse and use the new Accept Customer hosted forms with set hostedProfileCardCodeRequired as True.

 

However, we would strongly recommend discussing this change with your merchant account provider before making any change so you understand possible implications.

 

Richard

Has there been a better workaround or solution for this yet?  It has been 5 years.  

Can you help me understand your workflow? CVV is not a required field and the card validation is optional. The answer to your question may depend on how profiles are entered into the Authorize.Net system.

I have the same requirement.

 

We run lots of online card not present sales transactions and want CVV to be required to protect against fraud.

 

In our case, if customer chooses to save card info in CIM, we don't mind making them enter CVV again when charging to the saved card, althoug ideally, we would let them run charges without it.

 

But when a customer chooses a multiple payments option for an invoice, we want our merchant to be able to run the saved card, without knowing the CVV.  So we'd like a way to send the transaction request with a flag to indicate that we want to skip the CVV check in that case.

 

This is similar to the caterer use case to allow the merchant to run the saved card to pay for a customer invoice.

 

So is there any way to do this short of saving the CVV codes in our own database, which defeats the purpose of CIM (for reduced PCI scope)? 

 

Or does auth.net recommed we dump CIM and store all card info ourselves for such cases?

 

Or, can we flip it around and turn OFF CVV validation for the whole merchant account and then have an override to turn it back on for online end customer entered CNP transactions?

 

krobson
Contributor

@krobson

 

When the customer enter their card data the first time, are you using your own form or an Authorize.Net Accept solution?

 

Also, I should mention it is strictly prohibited by PCI DSS to save a CVV number.

 

Richard