Visa CAVV Results Code
If the Cardholder Authentication Verification Value (CAVV) cryptogram is present a 3DS, Apple Pay, or Google Pay Create Transaction API request, then the CAVV is included in the Authorization message sent to the card network.
The issuer then verifies the CAVV to confirm the cardholder was authenticated or not when verifying the cryptogram value.
- CAVV Results Code is for Visa
- UCAF Collection Downgrade Indicator is for MasterCard
When available from the card networks in the Authorization Response, TabaPay will relay the CAVV Results Code in the API response in the codeUCAF field. See the response or learn more about response field descriptions.
Use Cases
- 3DS card-not-present checkout: Verify card authentication before approving orders.
- Apple Pay / Google Pay tokenized transactions: Confirm issuer cryptogram validation and reduce false declines.
- Higher-risk or out-of-pattern transactions: Use CAVV as an additional authentication when normal transaction behavior deviates (new device, flagged location, unusually large purchase).
Why Use CAVV?
- Enhance your risk management transaction data: Combine CAVV with other risk-related data such as verifying addresses (AVS), name verification (ANI), Real Time Monitoring & Blocking, (RTM) geolocation data, device data, and historical transaction data.
TabaPay encourages clients to develop a risk strategy that utilizes a layered risk management approach.
How the CAVV Results Code Works
When CAVV Results Code is returned in the Create Transaction API response, you will find the Visa-card-related value in the codeUCAF field.
Create Transaction Response
For response field descriptions, refer to Create Transaction API.
{
"SC": 200,
"EC": "0",
"transactionID": "TabaPay_TransactionID_",
"network": "Visa",
"networkID": "123454646545645",
"networkRC": "00",
"status": "COMPLETED",
"approvalCode": "000000",
"additional": {
"codeUCAF":"2",
"codeECI": "05",
"par": "V0010056422073825495104907179"
}
}How to Use CAVV Results Code
Upon receiving a CAVV Results Code, TabaPay Clients can utilize the table below to understand whether the transaction is protected or not.
Note: CAVV results/values appearing in the Create Transaction API response, are found in the codeUCAF field.
The results not only indicate the performance of the current transaction in question, but will help merchants fine tune their risk decisioning upstream for future transactions.
| CAVV Results Code | Description | What does this mean |
|---|---|---|
| Blank | CAVV not present in authorization message OR CAVV not verified, issuer has not selected CAVV verification option | No liability shift; merchant not protected from chargebacks |
| 0 | CAVV could not be verified OR CAVV data was not provided when expected | No liability shift; merchant not protected from chargebacks |
| 1 | CAVV failed verification – cardholder authentication | (Usually an indication of potential bad or fraudulent CAVV data in the authorization message; CAVV was created by the Issuer’s ACS) For fraud chargebacks, liability for this transaction should remain with the Issuer. |
| 2 | CAVV passed verification – cardholder authentication | Fully authenticated transaction. Eligible for liability shift |
| 3 | CAVV passed verification – attempted authentication | Attempted authentication; Eligible for liability shift |
| 4 | CAVV failed verification – attempted authentication | A failed verification result is an indication of potential bad or fraudulent data submitted. |
| 6 | CAVV not verified, issuer not participating in CAVV verification | Eligible for liability shift. A CAVV is present, but issuer is not set up to verify. Transaction is treated as an attempted authentication and still may be eligible. |
| 7 | CAVV failed verification – attempted authentication | No liability shift; A failed verification result is an indication of potential bad or fraudulent data submitted |
| 8 | CAVV passed verification – attempted authentication | Attempted authentication; Eligible for liability shift. |
| 9 | CAVV failed verification – attempted authentication | Attempted authentication; Eligible for liability shift |
| A | CAVV passed verification – attempted authentication | Attempted authentication; Eligible for liability shift |
| B | CAVV passed verification – no liability shift | No liability shift; merchant not protected from fraud chargebacks. |
| C | CAVV was not verified (Attempted Authentication) | Eligible for liability shift. The CAVV for an authenticated transaction was not verified by the issuer even though the issuer has elected to verify the CAVV. |
| D | CAVV was not verified (Cardholder Authentication) | Eligible for liability shift. The CAVV for an authenticated transaction was not verified by the issuer even though the issuer has elected to verify the CAVV. |
Scenarios when CAVV Verification Fails
CAVV verification can fail for one of the following reasons
| Scenario | Details |
|---|---|
| Transaction May Be Fraudulent | A fraud perpetrator may be trying to submit an authorization transaction with a “made up” CAVV in an attempt to obtain an authorization. Due to the potential for fraud, issuers are most likely to decline the transaction when CAVV verification fails. This results data, therefore, enhances our client's risk decisioning process. |
| Processing Error (Rare) | When CAVV data is corrupted |
| Issuer system issues | Unexpected issues at the issuer that prevents them from reading the CAVV cryptogram |