Card Verification Value (CVV) is a basic fraud prevention and verification tool for credit card processing. Per PCI compliance regulations, the CVV can never be stored. Because of this, anyone who has access to a stored credit card number will have only a limited ability to issue fraudulent transactions on the credit card. Obtaining a matching CVV has no effect on credit card processing rates, but it does assist in preventing fraud.
For each transaction, the merchant will receive a CVV response code. This single-letter code indicates whether the CVV was provided, to what degree the CVV matched, or whether the bank does not participate in CVV.
By configuring CVV rules in the gateway, merchants can accept or decline transactions* and verifications based upon the match or mismatch of the information submitted.
By default, no CVV rules are configured in the gateway when an account is set up. These are configured by selecting "Processing" in the control panel.
* Note: AVS and CVV rules will only apply to verifications and transactions created on full card numbers. AVS and CVV rules will not apply to transactions created on a payment method token, including recurring transactions.
Merchants are able to fully customize the conditions under which they will reject transactions based on the CVV response. Merchants can choose to reject all transactions that return a particular CVV mismatch response, or only transactions that fall within a customizable set of conditions. Customizable conditions include:
Merchants can add multiple CVV rejection conditions to fully customize their CVV rules.
If merchants are concerned about fraud, we recommend they choose to reject all transactions if the CVV does not match (when provided).
Because merchants receive the exact reason why a transaction has failed their CVV rules, each failed transaction can be handled uniquely. By referencing the specific code that indicates a CVV mismatch, the merchant can prompt the customer to re-enter their CVV.
Additionally, the Braintree Gateway automatically passes any non-secure customer data back to the merchant in the transaction response. Merchants can use this data to automatically re-populate the forms on their website. This eliminates the need for the customer to re-enter all non-secure data after a failed transaction.
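
The handling described in the last two paragraphs, as an added example that is not Braintree's own code. The response dictionaries are constructed; their keys mirror the status, gateway_rejection_reason and cvv_response_code fields of a transaction response, and the letters N, I, U and S follow Braintree's published CVV response codes, which this page does not list. The function name, action names and retry cap are hypothetical.

```python
# Added example with constructed data; helper and action names are hypothetical.
SECURE_FIELDS = {"number", "cvv"}   # never echoed back into the form
MAX_CVV_RETRIES = 3                 # hypothetical cap to slow repeated CVV guessing

# Codes where asking the customer to retype the CVV can help.
REPROMPT = {
    "N": "The security code did not match. Please re-enter it.",
    "I": "Please enter the card's security code.",
}
# Not verified / issuer does not participate: retyping cannot change the result.
NO_RETRY = {"U", "S"}


def handle_cvv_rejection(response, submitted, attempts):
    """Decide the next step after a gateway response.

    Returns (action, form_values, message). form_values holds only the
    non-secure fields that may be used to re-populate the checkout form.
    """
    if (response.get("status") != "gateway_rejected"
            or response.get("gateway_rejection_reason") != "cvv"):
        return ("not_cvv", {}, None)

    # Drop the card number and CVV; keep name, address and similar fields.
    form = {k: v for k, v in submitted.items() if k not in SECURE_FIELDS}
    code = response.get("cvv_response_code")

    if attempts >= MAX_CVV_RETRIES:
        return ("stop", form, "Too many attempts. Please contact support.")
    if code in REPROMPT:
        return ("reprompt_cvv", form, REPROMPT[code])
    if code in NO_RETRY:
        return ("other_payment_method", form,
                "This card's security code could not be verified.")
    # Unknown or missing code: do not invite further retries.
    return ("stop", form, "The transaction could not be completed.")


# Constructed sample input (well-known test card number, made-up customer).
SUBMITTED = {"first_name": "Ada", "postal_code": "60622",
             "number": "4111111111111111", "cvv": "999"}
REJECTED = {"status": "gateway_rejected",
            "gateway_rejection_reason": "cvv",
            "cvv_response_code": "N"}

if __name__ == "__main__":
    print(handle_cvv_rejection(REJECTED, SUBMITTED, attempts=1))
```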