As of October 14, 2017, Bambora is going to require that the CVD/CVV (the 3-4 digit code found on the back of credit card) is passed in all transactions for all newly boarded merchants. This update is required to meet Visa latest standards, and we will are requiring the CVD for all card brands not just Visa.
What is a CVD/CVV Security Code?
The CVD/CVV is a 3-digit number on the back of a Visa or MasterCard, and a 4-digit number on the front of an Amex.
CVD/CVV codes cannot be obtained by fraudulently skimming data during the swipe process, as they are only found on the physical card. These numbers help verify that a customer is the valid owner of a card.
Why the change?
To address card-not-present fraud, Visa is requesting that all newly boarded merchants in Canada must capture the CVD and include it in the authorization request.
What does it mean?
For any merchant boarded after October 14th, 2017, the CVD code must be passed for all transactions otherwise the transaction will be declined.
Existing merchants are being given an extended deadline of September 2018. We are however recommending all of our merchants and partners to make the update sooner in preparation.
Note that because you cannot store the security code, the setting won’t apply for the following payments flows: payment profile, recurring billing, 3D secure, wallets transactions, and credit card batch.
Impact for integrated partners
Integrated partners processing on behalf of their merchants need to make sure that their solution allows CVD to be passed effective October 14th, 2017. All newly boarded merchants will be required to pass the field. Otherwise, the transaction will be declined.
In 2018, we will require that all merchants pass CVD. We are strongly recommending to make one update to your system to require CVD for new and existing merchants.
Steps to make CVD Required:
I currently use Checkout
- Log on to the Online Member Area
- On the menu, click administration> account settings> order settings.
- In the Payment Gateway> Validation Options section, select the Require CVD numbers for credit card transactions check box. (option won’t be available anymore for new merchants boarded after Oct 14, 2017)
Once the feature is turned on, the CVD field will be added to the checkout form.
I currently use Custom Checkout
Pass the field name: cvv
Please note this is the only instance you use cvv and not cvd.
I currently use the Web/Virtual Terminal
In the web/virtual terminal, the user just needs to complete the CVD field.
If you have customized the web terminal, you’ll need to add the CVD field to the form:
- In the Online Member Area, from the menu, click configuration> terminal configuration.
- The terminal configuration page includes a list of fields.
- Mark the CVD field as required
I currently use the APIs
Add CVD in the REST payment request:
RESTful Payment API URL: https://api.na.bambora.com/v1/payments
Query string API
Add the CVD field in the query string API.
Query string Payment API URL: https://api.na.bambora.com/scripts/process_transaction.asp
What happens when the CVD is a mismatch?
Bambora users have flexible risk management controls. You have the option to reverse a transaction when CVD and/or AVS fields are returned as a mismatch. This optional feature is configured in the Online Member Area under: administration> account settings> order settings.