Understanding and Configuring the Card Code Verification (CCV)

Card Code Verification is a standard credit card security feature supported by Authorize.net. It compares the card code provided by a customer for a credit card transaction with the card code on file for the cardholder at the credit card issuing bank. The issuing bank then returns a code to the payment gateway indicating the results of the match. For instance, the code 'M' indicates that the card code matched.

The Card Code Verification filter provides a basic level of protection against suspicious transactions. However, it's not meant to be an absolute safeguard or suitable for all processing scenarios. There can be several reasons why a card code might not match. While it's not mandatory to reject a transaction due to a card code mismatch, we recommend enabling some level of card code verification. For a more comprehensive approach to fraud prevention, consider enabling and using the Authorize.net Advanced Fraud Detection Suite (AFDS) in conjunction with Card Code Verification. You can learn more about this here.

You can configure the CCV filter settings in the Merchant Interface to specify when a transaction should be rejected based on the results of the CCV match. The following result codes are possible:

• M = Match - The CVV2 code entered matched that of the credit card.
• N = Does Not Match - The code entered is incorrect.
• P = Is Not Processed - The code was not validated.
• S = Should be on card but not so indicated - The customer left that field blank.
• U = Issuer not certified or has not provided encryption key - The card issuing bank does not participate in the CVV2 program or hasn't provided the key so that the code can be validated.

Steps to Configure Transaction Rejection Settings Based on the CCV Response Code:

1. Log into the Merchant Interface.
2. Click Account from the main toolbar.
3. Select Settings.
4. Click Basic/Enhanced Card Code Verification  Address Verification in the Security Settings section.
5. Select the check box(es) next to the CVV codes for which the payment gateway should reject transactions.
6. Click Submit.

American Express Card Code Verification:

By default, your American Express Merchant Account may not be enabled for card code verification. American Express Card Code, also known as Card Identification Digits (CID), is the four-digit code printed on the front of the card. Please note that the three-digit code on the back of an American Express card is not the CID used for card code verification.

For more information about American Express CID, or to verify if your American Express Merchant Account is enabled to process CID, please contact your American Express representative or American Express Merchant Services.

If your American Express Merchant Account does not support card code verification, you should ensure that your Authorize.Net account does not reject legitimate American Express transactions by configuring your account to accept card code verification responses P and U.

Note: By changing these settings, you accept any risk associated with processing international transactions as dictated by your Merchant Service Provider.