CIM gateway and CVV

37 views
Skip to first unread message

lannon

unread,
Oct 13, 2009, 1:10:57 PM10/13/09
to Active Merchant
Does anyone know how the authorize.net CIM gateway handles cvv/cvv2 ?

After patching activemerchant to set the verification_value and
sending it with the payment profile creation request, it seems to
accept any numeric value (even an incorrect cvv). However, an
incorrect datatype (e.g., 'abc') will generate an xsd error from the
gateway.

So, it seems that sending the cvv with the payment profile request
doesn't do much of anything.

I'd appreciate any input anyone could provide.

Regards,
John Lannon

ResonantVibes.com

ben wiseley

unread,
Oct 13, 2009, 2:42:36 PM10/13/09
to activem...@googlegroups.com
You need to activate it in authorize.net - it's an optional security setting (as is address verification, etc.)

Michael Hines

unread,
Nov 3, 2009, 3:38:54 PM11/3/09
to Active Merchant
John,

To have Authorize.Net check the CVV number for you, you need to set
validationMode to "liveMode" or "oldLiveMode" when you send the XML/
SOAP request to Authorize.Net.

This is necessary, because normally Authorize.Net just assumes the
data you provide is valid. Since Authorize.Net (nor any other
gateway) will store the CVV2 number (and neither should you), what
they do is check the CVV2 for you when you create a payment profile
with the card processor. They do this by authorizing $0.01, and then
immediately voiding the transaction. If the authorization is
successful, the CVV2 is know to be valid and the profile is stored.
Otherwise you get an error. The CVV2 is then immediately thrown
away.

The default behavior is not to do this, because depending on your card
processor, you might be charged for these verifications.

Check one of the guides here for more info:
http://developer.authorize.net/api/cim/

Good luck,
Mike
Reply all
Reply to author
Forward
0 new messages