Reply
Highlighted
Member
Posts: 4
Registered: ‎10-29-2011
Accepted Solution

Why does entering a different CVV generates a duplicate transaction response?

Hi,

 

I read from the customer support page that CVV is not one of the data fields that is validated for a duplicate transaction. There is a chance that the customer might enter the wrong CVV. A re-enter of the CVV triggers the duplicate transaction response. What is the rationale of excluding CVV in the validation process?


Accepted Solutions
Highlighted
Solution
Accepted by topic author qwertyfinger
‎08-21-2015 01:58 AM
Administrator
Posts: 591
Registered: ‎08-21-2009

Re: Why does entering a different CVV generates a duplicate transaction response?

As you likely know, PCI and card issuer rules prohibit storing the card code in any form.  These rules apply to Authorize.Net just as they apply to you as the merchant, we only pass the card code entry through to the processing network and never store it within our system.  Because we do not have a record of what Card Code was used in each transaction, we have no way of detecting if it has changed between transactions and cannot use it in our check for transaction duplication.

View solution in original post


All Replies
Highlighted
Posts: 1,609
Topics: 15
Kudos: 201
Solutions: 121
Registered: ‎06-23-2011

Re: Why does entering a different CVV generates a duplicate transaction response?

It's possible to modify your settings to allow transactions to run through without a CVV match, since CVV is really just security for the primary card information. Therefore, it makes sense to not use CVV in duplicate checking, since you could run the same transaction through with different CVV values and have both be a success. Check your control panel and see if it's set to reject on bad CVV.

Highlighted
Solution
Accepted by topic author qwertyfinger
‎08-21-2015 01:58 AM
Administrator
Posts: 591
Registered: ‎08-21-2009

Re: Why does entering a different CVV generates a duplicate transaction response?

As you likely know, PCI and card issuer rules prohibit storing the card code in any form.  These rules apply to Authorize.Net just as they apply to you as the merchant, we only pass the card code entry through to the processing network and never store it within our system.  Because we do not have a record of what Card Code was used in each transaction, we have no way of detecting if it has changed between transactions and cannot use it in our check for transaction duplication.