Results 1 to 16 of 16
  1. #1

    Charge a credit card without CVV2

    Can my web site charge a credit card without the CVV2 code?
    As it is not allowed to store the CVV2 code int the database,

    and in my system charging comes in two phases:

    First, the user enter the credit card information togiether with the CVV2 code, but the charged amount is not known at this time.
    After the customer finishes using our services, our system will be ready to charge the credit card.

    As it is not allowed to store the CVV2 code, our system would not have the CVV2 code when charging the credit card, is the system able to charge the credit card withou CVV2? if not, any other suggestions for solutions?

    Thanks a lot.

  2. #2
    Join Date
    Sep 2001
    Location
    Seattle, WA
    Posts
    3,085
    Yes. Merchants are not required to validate the CVV2.
    Jim Reardon - jim/amusive.com

  3. #3
    Thanks.

    However, our system use WorldPay/Paypal to receive money,
    the payment process requires redirecting to WorldPay/Paypal page and user enter credit card information on this page,
    and it seems that CVV2 is a required field,
    I cannot figure out a way to charge a credit card without CVV2!

    Is there something wrong in my understanding?

  4. #4
    Can somebody help as I'm really frustrated about this issue

  5. #5
    Join Date
    Sep 2001
    Location
    Seattle, WA
    Posts
    3,085
    Contact your gateway and ask them. It's not required to process, however, your gateway may require it or may have a specific way you need to process in order to not need it.
    Jim Reardon - jim/amusive.com

  6. #6
    Join Date
    Aug 2001
    Location
    Central USA
    Posts
    200
    The way to solve this issue is actually simple:

    When the customer places the order, you need to perform an AUTH_ONLY transaction to your payment gateway - It will place a temporary charge on their card and return a transaction ID. You then store that transaction ID and the amount of the transaction, and then send that back to the gateway later on with a PRIOR_AUTH_CAPTURE request. You never have to store any credit card details, and the customer can still use their CVV2 code on their site for maximum security. It's a win-win situation.
    InvoiceMore - Online Billing & Invoicing
    phpDataMapper - Object-Oriented PHP5 Data Mapper ORM

  7. #7
    Quote Originally Posted by Czaries View Post
    The way to solve this issue is actually simple:

    When the customer places the order, you need to perform an AUTH_ONLY transaction to your payment gateway - It will place a temporary charge on their card and return a transaction ID. You then store that transaction ID and the amount of the transaction, and then send that back to the gateway later on with a PRIOR_AUTH_CAPTURE request. You never have to store any credit card details, and the customer can still use their CVV2 code on their site for maximum security. It's a win-win situation.
    Thanks for your answer. However, i think it doesn't work. As at AUTH_ONLY transaction, i do not know the transaction amount. This amount is only known at the final transaction stage. Is that I cannot issue an AUTH_ONLY transaction with no transaction amount specified?

  8. #8
    Security Code (CVV2) is basically an assurance that the said person actually has possession of the card.

    Alot of times when you don't use the CVV2 is when you run into 'Billing Address' mismatches.

  9. #9
    Join Date
    Aug 2008
    Location
    Ft Myers FL
    Posts
    40
    I think biilling systems like WHMCS stores the CVV2 number so I do not know if the card processing companies allow/deny that practice

  10. #10
    Join Date
    Sep 2001
    Location
    Seattle, WA
    Posts
    3,085
    No, they don't. It is against acceptance regulations to store the CVV2 number, and if your system does, you can be fined rather large amounts of money for doing so.
    Jim Reardon - jim/amusive.com

  11. #11
    Join Date
    Aug 2008
    Location
    Ft Myers FL
    Posts
    40
    It may be against but I think it is stored

  12. #12
    Join Date
    Sep 2001
    Location
    Seattle, WA
    Posts
    3,085
    No reputable software is going to store it.
    Jim Reardon - jim/amusive.com

  13. #13
    yea, its against card association rules to store the CVV2 code on a card, pretty big deal.

    the purpose of the code is for only visa and the person/entity issued the cardto have it, thus if your cc# gets hijacked on the internet, they would not have your CVV2 #. So its important to keep that information separate

    so the merchant is only allowed to use that code to send a request through the associations to get a "cvv2 match" or "cvv2 mismatch" response, and not store that #

    and the answer is, no you dont need to submit it, but some banks will reject a transaction with no, or the incorrect cvv2 submitted

  14. #14
    Quote Originally Posted by edmond dantes View Post
    yea, its against card association rules to store the CVV2 code on a card, pretty big deal.

    the purpose of the code is for only visa and the person/entity issued the cardto have it, thus if your cc# gets hijacked on the internet, they would not have your CVV2 #. So its important to keep that information separate

    so the merchant is only allowed to use that code to send a request through the associations to get a "cvv2 match" or "cvv2 mismatch" response, and not store that #

    and the answer is, no you dont need to submit it, but some banks will reject a transaction with no, or the incorrect cvv2 submitted
    Thanks for your answer.
    You mentioned some banks will reject transactions with no cvv2 submitted. I want to ask is there a large number of such banks?

  15. #15
    charging a customer's card with no CVV is dangerous, most of the time customer's would have the cvv and it's the best way to fight fraud as of now and avs..

  16. #16
    Quote Originally Posted by eroy4u View Post
    Thanks for your answer.
    You mentioned some banks will reject transactions with no cvv2 submitted. I want to ask is there a large number of such banks?
    no, i wouldnt say its the majority, but some do it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •