A unique code from the card issuer during 3-D Secure (3DS) authentication that confirms the cardholder's authorization in online transactions.
When cryptogram type of CAVV - Cardholder Authentication Verification Value is present in TabaPay's Unified API, the CAVV Results Code returned in the response indicates whether the downstream issuing systems were able to successfully verify this cryptogram value.
When is CAVV Cryptogram Present
During a Create Transaction API, CAVV Cryptograms are forwarded to Card Networks in the Authorization message.
- CAVV is present for 3DS-enabled transactions as well as with Apple Pay and Google Pay token payloads.
When the instruction to authorize reaches the issuer, the issuing systems will verify the CAVV Value to ensure that the issuer authenticated the cardholder for the transaction and that its contents have not been altered.
When available from the card networks in the Authorization Response, TabaPay will relay the CAVV Results Code in our API response.
CAVV Results Code is a vital input to your Risk Decision
The CAVV Results Code enhances your risk management transaction data. TabaPay encourages our clients to develop a risk strategy that utilizes a layered risk management approach.
CAVV Results Code is suggested to be used in combination with other risk-related data such as verifying addresses, geolocation data, device data, and historical transaction data.
Visa - CAVV Results Codes
| CAVV Results Code | Description | What does this mean |
|---|---|---|
| Blank | CAVV not present in authorization message OR CAVV not verified, issuer has not selected CAVV verification option | No liability shift; merchant not protected from chargebacks |
| 0 | CAVV could not be verified OR CAVV data was not provided when expected | No liability shift; merchant not protected from chargebacks |
| 1 | CAVV failed verification – cardholder authentication | (Usually an indication of potential bad or fraudulent CAVV data in the authorization message; CAVV was created by the Issuer’s ACS) Liability for this transaction should remain with the Issuer for fraud chargebacks. |
| 2 | CAVV passed verification – cardholder authentication | Fully authenticated transaction. Liability shift applied and the merchant is protected from applicable chargebacks. |
| 3 | CAVV passed verification – attempted authentication | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. |
| 4 | CAVV failed verification – attempted authentication | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. |
| 5 | Reserved | Not used/not applicable |
| 6 | CAVV not verified, issuer not participating in CAVV verification | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. |
| 7 | CAVV failed verification – attempted authentication | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. |
| 8 | CAVV passed verification – attempted authentication | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. |
| 9 | CAVV failed verification – attempted authentication | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. |
| A | CAVV passed verification – attempted authentication | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. |
| B | CAVV passed verification – no liability shift | No liability shift; merchant not protected from fraud chargebacks. |
| C | CAVV was not verified (Attempted Authentication) | Liability shift applied, and merchant is protected from applicable chargebacks. |
| D | CAVV was not verified (Cardholder Authentication) | Liability shift applied, and merchant is protected from applicable chargebacks. |
MasterCard - CAVV Results Code
| CAVV Results Code | Description | What does this mean |
|---|---|---|
| 0 | Authentication failed | No liability shift; merchant not protected from chargebacks. |
| 1 | Authentication attempted | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. Not all card types are supported. |
| 2 | Authentication successful | Fully authenticated transaction.Liability shift applied and the merchant is protected from all chargebacks. |
Scenarios when CAVV Verification Fails
CAVV verification can fail for one of the following reasons
| Scenario | Details |
|---|---|
| Transaction May Be Fraudulent | A fraud perpetrator may be trying to submit an authorization transaction with a “made up” CAVV in an attempt to obtain an authorization. Due to the potential for fraud, issuers are most likely to decline the transaction when CAVV verification fails. This results data, therefore, enhances our client's risk decisioning process. |
| Processing Error (Rare) | When CAVV data is corrupted |
| Issuer system issues | Unexpected issues at the issuer that prevents them from reading the CAVV cryptogram |