CVV Verification is a tool that helps verify if the cardholder has possession of the physical card. While it is not effective against lost or stolen card fraud, it is an additional check beneficial in e-Commerce channels since the Card Security Code (CSC) is only printed on a physical card and is not available anywhere else.

Use Cases

• e-Commerce Transactions: merchants can accept CVV2 online to help ensure the customer possesses the physical card when making purchases.
• First Time Transactions: When a customer makes their first purchase, requiring CVV2 helps prevent fraudsters from using stolen card numbers.
• Card Not Present Transactions: Transactions where the payment card is not physically present, which could include virtual terminal transactions submitted using Creating a Transaction in the TabaPay Portal.

Benefits

CVV2 verification is used as a mechanism to reduce fraud in the Card Not Present (CNP) environment, where a possession of physical card alone isn't sufficient to conduct an e-commerce transaction.

However, collecting and verifying CVV2 does not rule out phishing attacks where the CVV2 has been obtained along with the rest of the card details in a fraudulent manner.

📘

Recurring and Merchant Initiated Transactions

Since CVV2 cannot be stored, you must consider customer experience/friction scenarios for recurring, subscription payments, and for merchant initiated transactions before collecting CVV2 before authorizations.

How CVV2 Verification works

In terms of implementation, CVV2 Verification works similar to Address Verification Service (AVS) where customer's CVV2 information is provided with the rest of the card details in the Query Card API. TabaPay checks the information with card issuers, and returns back verification results based on instructions received from issuers.

Recipes

See TabaPay API request examples with CVV/CSC included.