Using CVV2. When accepting Visa cards in card-not-present transactions, merchants should follow these procedures:
- Ask customers for the last three digits in the signature panel on the back of the card. Do not ask for the CVV2 number as customers will most likely have no idea what this is.
- Depending on the response the customer gives to your CVV2 request, you should include one of the following indicators in your authorization request, along with the card's expiration date and the account number:
- "0" - if the CVV2 is not included in the authorization request.
- "1" - if the CVV2 is included in the authorization request.
- "2" - if your customer has stated that the CVV2 is illegible.
- "9" - if your customer has stated that the CVV2 is not on the card.
- When you receive the CVV2 result code, you should take it into consideration, along with all other factors. You will receive one of the following result codes:
- "M" – Match - the CVV2 is valid.
- "N" – No Match - the CVV2 is not valid, a very strong indicator of fraud. It may, however, be the result of a key-entry error, so you may consider resubmitting the CVV2 request.
- "P" – CVV2 request not processed - you should resubmit the request.
- "S" – the cardholder has stated that the CVV2 is not on the card. The CVV2 code should be printed on all Visa cards. In the case of an "S" response you should verify that the customer is looking for it in the right place.
- "U" – the card issuer does not support CVV2. In this case you should considering other fraud prevention services.
Posts
0 comments:
Post a Comment