Hi,
I read from the customer support page that CVV is not one of the data fields that is validated for a duplicate transaction. There is a chance that the customer might enter the wrong CVV. A re-enter of the CVV triggers the duplicate transaction response. What is the rationale of excluding CVV in the validation process?
Solved! Go to Solution.
11-06-2011 07:34 AM
As you likely know, PCI and card issuer rules prohibit storing the card code in any form. These rules apply to Authorize.Net just as they apply to you as the merchant, we only pass the card code entry through to the processing network and never store it within our system. Because we do not have a record of what Card Code was used in each transaction, we have no way of detecting if it has changed between transactions and cannot use it in our check for transaction duplication.
11-07-2011 04:06 PM
It's possible to modify your settings to allow transactions to run through without a CVV match, since CVV is really just security for the primary card information. Therefore, it makes sense to not use CVV in duplicate checking, since you could run the same transaction through with different CVV values and have both be a success. Check your control panel and see if it's set to reject on bad CVV.
11-06-2011 12:17 PM
As you likely know, PCI and card issuer rules prohibit storing the card code in any form. These rules apply to Authorize.Net just as they apply to you as the merchant, we only pass the card code entry through to the processing network and never store it within our system. Because we do not have a record of what Card Code was used in each transaction, we have no way of detecting if it has changed between transactions and cannot use it in our check for transaction duplication.
11-07-2011 04:06 PM