If the Cardholder Authentication Verification Value (CAVV) cryptogram is present a 3DS, Apple Pay, or Google Pay Create Transaction API request, then the CAVV is included in the Authorization message sent to the card network.

The issuer then verifies the CAVV to confirm the cardholder was authenticated or not when verifying the cryptogram value.

CAVV Results Code is for Visa
UCAF Collection Downgrade Indicator is for MasterCard

When available from the card networks in the Authorization Response, TabaPay will relay the CAVV Results Code in the API response in the codeUCAF field. See the response or learn more about response field descriptions.

Use Cases

3DS card-not-present checkout: Verify card authentication before approving orders.
Apple Pay / Google Pay tokenized transactions: Confirm issuer cryptogram validation and reduce false declines.
Higher-risk or out-of-pattern transactions: Use CAVV as an additional authentication when normal transaction behavior deviates (new device, flagged location, unusually large purchase).

Why Use CAVV?

Enhance your risk management transaction data: Combine CAVV with other risk-related data such as verifying addresses (AVS), name verification (ANI) geolocation data, device data, and historical transaction data.

TabaPay encourages our clients to develop a risk strategy that utilizes a layered risk management approach.

How the CAVV Results Code Works

When CAVV Results Code is returned in the Create Transaction API response, you will find the Visa-card-related value in the codeUCAF field.

Create Transaction Response

For response field descriptions, refer to Create Transaction API.

{
  "SC": 200,
  "EC": "0",
  "transactionID": "TabaPay_TransactionID_",
  "network": "Visa",
  "networkID": "123454646545645",
  "networkRC": "00",
  "status": "COMPLETED",
  "approvalCode": "000000",
  "additional": {
    "codeUCAF":"2",
    "codeECI": "05",
    "par": "V0010056422073825495104907179"
  }
}

How to Use CAVV Results Code

Upon receiving a CAVV Results Code, TabaPay Clients can utilize the table below to understand whether the transaction is protected or not.

Note: CAVV results/values appearing in the Create Transaction API response, are found in the codeUCAF field.

The results not only indicate the performance of the current transaction in question, but will help merchants fine tune their risk decisioning upstream for future transactions.

CAVV Results Code	Description	What does this mean
Blank	CAVV not present in authorization message OR CAVV not verified, issuer has not selected CAVV verification option	No liability shift; merchant not protected from chargebacks
0	CAVV could not be verified OR CAVV data was not provided when expected	No liability shift; merchant not protected from chargebacks
1	CAVV failed verification – cardholder authentication	(Usually an indication of potential bad or fraudulent CAVV data in the authorization message; CAVV was created by the Issuer’s ACS) Liability for this transaction should remain with the Issuer for fraud chargebacks.
2	CAVV passed verification – cardholder authentication	Fully authenticated transaction. Liability shift may apply.
3	CAVV passed verification – attempted authentication	Attempted authentication; Liability shift may apply.
4	CAVV failed verification – attempted authentication	Attempted authentication; Liability shift may apply.
6	CAVV not verified, issuer not participating in CAVV verification	Attempted authentication; Liability shift may apply. .
7	CAVV failed verification – attempted authentication	Attempted authentication; Liability shift may apply.
8	CAVV passed verification – attempted authentication	Attempted authentication; Liability shift may apply.
9	CAVV failed verification – attempted authentication	Attempted authentication; Liability shift may apply.
A	CAVV passed verification – attempted authentication	Attempted authentication; Liability shift may apply.
B	CAVV passed verification – no liability shift	No liability shift; merchant not protected from fraud chargebacks.
C	CAVV was not verified (Attempted Authentication)	Liability shift may apply.
D	CAVV was not verified (Cardholder Authentication)	Liability shift may apply.

Scenarios when CAVV Verification Fails

CAVV verification can fail for one of the following reasons

Scenario	Details
Transaction May Be Fraudulent	A fraud perpetrator may be trying to submit an authorization transaction with a “made up” CAVV in an attempt to obtain an authorization. Due to the potential for fraud, issuers are most likely to decline the transaction when CAVV verification fails. This results data, therefore, enhances our client's risk decisioning process.
Processing Error (Rare)	When CAVV data is corrupted
Issuer system issues	Unexpected issues at the issuer that prevents them from reading the CAVV cryptogram