Can my web site charge a credit card without the CVV2 code?
As it is not allowed to store the CVV2 code int the database,

and in my system charging comes in two phases:

First, the user enter the credit card information togiether with the CVV2 code, but the charged amount is not known at this time.
After the customer finishes using our services, our system will be ready to charge the credit card.

As it is not allowed to store the CVV2 code, our system would not have the CVV2 code when charging the credit card, is the system able to charge the credit card withou CVV2? if not, any other suggestions for solutions?

Thanks a lot.

Yes. Merchants are not required to validate the CVV2.

Thanks.

However, our system use WorldPay/Paypal to receive money,
the payment process requires redirecting to WorldPay/Paypal page and user enter credit card information on this page,
and it seems that CVV2 is a required field,
I cannot figure out a way to charge a credit card without CVV2!

Is there something wrong in my understanding?

Can somebody help as I'm really frustrated about this issue

Contact your gateway and ask them. It's not required to process, however, your gateway may require it or may have a specific way you need to process in order to not need it.

The way to solve this issue is actually simple:

When the customer places the order, you need to perform an AUTH_ONLY transaction to your payment gateway - It will place a temporary charge on their card and return a transaction ID. You then store that transaction ID and the amount of the transaction, and then send that back to the gateway later on with a PRIOR_AUTH_CAPTURE request. You never have to store any credit card details, and the customer can still use their CVV2 code on their site for maximum security. It's a win-win situation.

The way to solve this issue is actually simple:

When the customer places the order, you need to perform an AUTH_ONLY transaction to your payment gateway - It will place a temporary charge on their card and return a transaction ID. You then store that transaction ID and the amount of the transaction, and then send that back to the gateway later on with a PRIOR_AUTH_CAPTURE request. You never have to store any credit card details, and the customer can still use their CVV2 code on their site for maximum security. It's a win-win situation.
Thanks for your answer. However, i think it doesn't work. As at AUTH_ONLY transaction, i do not know the transaction amount. This amount is only known at the final transaction stage. Is that I cannot issue an AUTH_ONLY transaction with no transaction amount specified?

Security Code (CVV2) is basically an assurance that the said person actually has possession of the card.

Alot of times when you don't use the CVV2 is when you run into 'Billing Address' mismatches.

I think biilling systems like WHMCS stores the CVV2 number so I do not know if the card processing companies allow/deny that practice

No, they don't. It is against acceptance regulations to store the CVV2 number, and if your system does, you can be fined rather large amounts of money for doing so.

It may be against but I think it is stored

No reputable software is going to store it.

yea, its against card association rules to store the CVV2 code on a card, pretty big deal.

the purpose of the code is for only visa and the person/entity issued the cardto have it, thus if your cc# gets hijacked on the internet, they would not have your CVV2 #. So its important to keep that information separate

so the merchant is only allowed to use that code to send a request through the associations to get a "cvv2 match" or "cvv2 mismatch" response, and not store that #

and the answer is, no you dont need to submit it, but some banks will reject a transaction with no, or the incorrect cvv2 submitted

yea, its against card association rules to store the CVV2 code on a card, pretty big deal.

the purpose of the code is for only visa and the person/entity issued the cardto have it, thus if your cc# gets hijacked on the internet, they would not have your CVV2 #. So its important to keep that information separate

so the merchant is only allowed to use that code to send a request through the associations to get a "cvv2 match" or "cvv2 mismatch" response, and not store that #

and the answer is, no you dont need to submit it, but some banks will reject a transaction with no, or the incorrect cvv2 submitted

Thanks for your answer.
You mentioned some banks will reject transactions with no cvv2 submitted. I want to ask is there a large number of such banks?

charging a customer's card with no CVV is dangerous, most of the time customer's would have the cvv and it's the best way to fight fraud as of now and avs..

Thanks for your answer.
You mentioned some banks will reject transactions with no cvv2 submitted. I want to ask is there a large number of such banks?

no, i wouldnt say its the majority, but some do it.