• Merchant Login   |
• Developer Tools   |
• Braintree Payment Solutions

Developer Community

Setting Up Credit Card Validation using AVS and CVV

The Scenario

A merchant wishes to validate a credit card using Address Verification Service (AVS) and/or Card Verification Value (CVV) to validate the credit card, reduce fraud and qualify for lower rates. Note, only AVS affects rate, CVV does not. CVV’s sole purpose is to provide additional fraud protection.

The Setup

Every API call to the gateway sends a request to the financial institution that issued the credit card. Their response will include among other things whether the address and cvv values passed matched or mismatched the record on file. Merchants can configure rules to reject or accept transactions based upon the AVS and CVV responses.

It’s important to note that if a $50 request is sent, AVS is a mismatch and the configured rule denies the transaction, the credit card still has a valid $50 authorization. The Card Networks currently do not have a automated solution to void authorizations. All authorizations if uncaptured will automatically disappear from the card in a few days (but can stay up to 30).

CVV is referred to differently by each brand: Visa: CVV2, MC: CVC2, AMEX: CID, DISV: CID

How To Do It

You’ll need to do two things: 1) make sure to pass the proper parameters to the gateway and 2) set up the rules in the Virtual Terminal.

CVV Verifications

To begin with, make sure that you pass a CVV-value along with each transaction to the gateway. This can be done simply by including the value cvv=VALUE where the VALUE is from an input field on your form. *NOTE: * Some processors will reject a transaction if an incorrect cvv value is passed regardless of the rules that are setup in the Virtual Terminal. Make sure that you have error handling logic in your application in place before adding this functionality.

In the Virtual Terminal, navigate to Options -> Card ID Verification. You will be presented with a list of options to check, you may check more than 1.

For this example, I’m going to select the second value, “Does NOT Match (N)”. This means that the gateway will reject any request where the CVV is passed, but does not match the one from the card issuing bank. This is the most common rule to apply. After applying the rule by saving the form, your users should now have CVV verification rules protecting their transactions.

AVS Verifications

AVS Verification rules are very similar to CVV rules with the exception that there are many more of them. There are a few general configuration rules that you can setup for International vs. US transactions, but I’m going to focus primarily on US-based transactions, specifically zip code.

Make sure that you are passing the zipcode along with each transaction to the gateway. The param variable for this is zip. It can either be a 5-digit, or a 9-digit zip code.

The next thing to do is setup the rules in the Virtual Terminal under Options -> Address Verification

There a lot of options for configuring street address and zip code, but I’m going to focus on the section called, “Street Address Does Not Match…” because we’re not going to be passing the street address, just the zip code. Select the 3rd Option, “First 5 digits of ZIP Code Do NOT Match (N)”. Save the form and you should now be validating your customer’s address values.

Discussion

Please ask any questions on this article in the Articles Discussion Forum.

For further information on this topic, here are a few articles from the Braintree Blog:

• Credit Card Validation
• CVV2 Does Not Affect Credit Card Rate Qualification
• Reaons why higher credit card fees are charged

© 2008 Braintree Payment Solutions