CVD - New Payment Detail Required
Anyone processing credit card transactions.
Any credit card transaction processed without the CVD after September 2018 will fail.
What is CVD?
The CVD/CVV is a 3-digit number on the back of a Visa or MasterCard, and a 4-digit number on the front of an Amex.
CVD/CVV codes cannot be obtained by fraudulently skimming data during the swipe process, as they are only found on the physical card. These numbers help verify that a customer is the valid owner of a card.
Why the update?
To address card-not-present fraud, Visa is requesting that all newly boarded merchants in Canada must capture the CVD and include it in the authorization request. Bambora is anticipating an industry-wide change soon, so we are requiring it for all card types not just Visa.
Steps to take?
I currently use Checkout
- Log on to the Online Member Area
- On the menu, click administration> account settings> order settings.
- In the Payment Gateway> Validation Options section, select the Require CVD numbers for credit card transactions check box. (option won’t be available anymore for new merchants boarded after Oct 14, 2017)
Once the feature is turned on, the CVD field will be added to the checkout form.
I currently use Custom Checkout
Pass the field name: cvv
Please note this is the only instance you use cvv and not cvd.
I currently use the Web/Virtual Terminal
In the web/virtual terminal, the user just needs to complete the CVD field.
If you have customized the web terminal, you’ll need to add the CVD field to the form:
- In the Online Member Area, from the menu, click configuration> terminal configuration.
- The terminal configuration page includes a list of fields.
- Mark the CVD field as required
I currently use the APIs
Add CVD in the REST payment request:
RESTful Payment API URL: https://api.na.bambora.com/v1/payments
Query string API
Add the CVD field in the query string API.
Query string Payment API URL: https://api.na.bambora.com/scripts/process_transaction.asp
What happens when the CVD is a mismatch?
Bambora users have flexible risk management controls. You have the option to reverse a transaction when CVD and/or AVS fields are returned as a mismatch. This optional feature is configured in the Online Member Area under: administration> account settings> order settings
I use Payment Profiles, Recurring Billing, 3D Secure, Wallets Transactions, and Credit Card Batch. Am I impacted?
No, because you cannot store the security code.