Results 1 to 16 of 16
-
08-13-2008, 03:28 PM #1Disabled
- Join Date
- Dec 2007
- Posts
- 25
Charge a credit card without CVV2
Can my web site charge a credit card without the CVV2 code?
As it is not allowed to store the CVV2 code int the database,
and in my system charging comes in two phases:
First, the user enter the credit card information togiether with the CVV2 code, but the charged amount is not known at this time.
After the customer finishes using our services, our system will be ready to charge the credit card.
As it is not allowed to store the CVV2 code, our system would not have the CVV2 code when charging the credit card, is the system able to charge the credit card withou CVV2? if not, any other suggestions for solutions?
Thanks a lot.
-
08-13-2008, 04:50 PM #2Web Hosting Master
- Join Date
- Sep 2001
- Location
- Seattle, WA
- Posts
- 3,085
Yes. Merchants are not required to validate the CVV2.
Jim Reardon - jim/amusive.com
-
08-14-2008, 03:29 AM #3Disabled
- Join Date
- Dec 2007
- Posts
- 25
Thanks.
However, our system use WorldPay/Paypal to receive money,
the payment process requires redirecting to WorldPay/Paypal page and user enter credit card information on this page,
and it seems that CVV2 is a required field,
I cannot figure out a way to charge a credit card without CVV2!
Is there something wrong in my understanding?
-
08-15-2008, 02:07 AM #4Disabled
- Join Date
- Dec 2007
- Posts
- 25
Can somebody help as I'm really frustrated about this issue
-
08-15-2008, 02:10 AM #5Web Hosting Master
- Join Date
- Sep 2001
- Location
- Seattle, WA
- Posts
- 3,085
Contact your gateway and ask them. It's not required to process, however, your gateway may require it or may have a specific way you need to process in order to not need it.
Jim Reardon - jim/amusive.com
-
08-15-2008, 01:01 PM #6Junior Guru
- Join Date
- Aug 2001
- Location
- Central USA
- Posts
- 200
The way to solve this issue is actually simple:
When the customer places the order, you need to perform an AUTH_ONLY transaction to your payment gateway - It will place a temporary charge on their card and return a transaction ID. You then store that transaction ID and the amount of the transaction, and then send that back to the gateway later on with a PRIOR_AUTH_CAPTURE request. You never have to store any credit card details, and the customer can still use their CVV2 code on their site for maximum security. It's a win-win situation.
-
08-28-2008, 08:59 AM #7Disabled
- Join Date
- Dec 2007
- Posts
- 25
-
09-02-2008, 04:26 PM #8Disabled
- Join Date
- Nov 2007
- Posts
- 238
Security Code (CVV2) is basically an assurance that the said person actually has possession of the card.
Alot of times when you don't use the CVV2 is when you run into 'Billing Address' mismatches.
-
09-02-2008, 05:59 PM #9Junior Guru Wannabe
- Join Date
- Aug 2008
- Location
- Ft Myers FL
- Posts
- 40
I think biilling systems like WHMCS stores the CVV2 number so I do not know if the card processing companies allow/deny that practice
-
09-02-2008, 06:02 PM #10Web Hosting Master
- Join Date
- Sep 2001
- Location
- Seattle, WA
- Posts
- 3,085
No, they don't. It is against acceptance regulations to store the CVV2 number, and if your system does, you can be fined rather large amounts of money for doing so.
Jim Reardon - jim/amusive.com
-
09-03-2008, 08:04 AM #11Junior Guru Wannabe
- Join Date
- Aug 2008
- Location
- Ft Myers FL
- Posts
- 40
It may be against but I think it is stored
-
09-03-2008, 02:24 PM #12Web Hosting Master
- Join Date
- Sep 2001
- Location
- Seattle, WA
- Posts
- 3,085
No reputable software is going to store it.
Jim Reardon - jim/amusive.com
-
09-03-2008, 08:20 PM #13Disabled
- Join Date
- Aug 2008
- Posts
- 89
yea, its against card association rules to store the CVV2 code on a card, pretty big deal.
the purpose of the code is for only visa and the person/entity issued the cardto have it, thus if your cc# gets hijacked on the internet, they would not have your CVV2 #. So its important to keep that information separate
so the merchant is only allowed to use that code to send a request through the associations to get a "cvv2 match" or "cvv2 mismatch" response, and not store that #
and the answer is, no you dont need to submit it, but some banks will reject a transaction with no, or the incorrect cvv2 submitted
-
09-12-2008, 07:46 AM #14Disabled
- Join Date
- Dec 2007
- Posts
- 25
-
09-12-2008, 03:21 PM #15New Member
- Join Date
- Sep 2008
- Posts
- 1
charging a customer's card with no CVV is dangerous, most of the time customer's would have the cvv and it's the best way to fight fraud as of now and avs..
-
09-12-2008, 04:01 PM #16Disabled
- Join Date
- Aug 2008
- Posts
- 89