Braintree Payment Solutions
  Merchant Login  |   Braintree Developer Community  
 
1.877.434.2894  
 
 
 
 
 
 


For Starters

About this blog

My name is Bryan Johnson and I am the founder and CEO of Braintree. I maintain this blog because payment processing is one of the most difficult components for businesses to manage. It is complex and can pose some significant security, strategic and technical challenges. I try to educate, inform, share my insights and answer questions to help users make better decisions. I've been in the industry for a while now, getting my start in the trenches selling door to door. If you need a resource I am happy to chat.

Creative Commons License
This work is licensed under a Creative Commons License.


Simplify PCI DSS Compliance
     
 

CVV2 Does Not Affect Credit Card Rate Qualification

Posted on 4 April, 2008 under Credit Card Processing, Ecommerce, PCI DSS Compliance, Rates and Fees, Risk and Fraud Management, Visa and MasterCard by Bryan Johnson

Most merchants mistakenly believe that processing a cardholder’s three or four digit CVV2 value for a ‘card not present’ transaction (e.g. ecommerce) will help qualify for lower credit card rates. The CVV2 value is only valuable to protect against credit card fraud and has nothing to do with rate qualification. CVV2 is most often confused with Address Verification Service (AVS) which can be used to qualify for lower credit card rates.

CVV2 stands for Card Verification Value and was introduced by MasterCard in 1997 and Visa in 2001. For ‘swiped’ transactions, the value is referred to as CVV1. Each of the card brands has its own acronym:

Visa: CVV2 - Card Verification Value
MasterCard: CVC2 - Card Validation Code
American Express: CID – Unique Card Code (and 4 digits)
Discover: CID – Card Identification Number

Merchants are able to configure payment processing systems to accept or decline transaction requests based upon the match or mismatch of CVV2 information. So for example, if a merchant creates a rule to decline all transactions where the CVV2 value does not match, the authorization request could be successful with the issuing bank, but the transaction will be denied by the merchant. Even though the transaction was denied by the merchant, the consumer’s card will still be authorized.

PCI DSS Compliance prohibits merchants from storing the CVV2 code. For recurring billing, merchants can accept and validate the CVV2 value during the initial authorization but cannot store it for additional transactions. After the initial validation, there really is no value in storing it.

Other Related Blog Posts
PCI Prohibits the Storage of CVV2 Data
PCI DSS Compliance Basics
Where do Credit Card Fees Come From?

Add this post to other sites: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • Digg
  • Furl
  • NewsVine
  • Reddit
  • YahooMyWeb
  • StumbleUpon

Post your Comment

 

 
     


Search

Categories

Recent Posts
 
 
 
  Company Profile  |   Support  |   Privacy Policy  |   Home  |  Site Map
 
 
  © Copyright 2007 - 2008 Braintree Payment Solutions. All Rights Reserved.
Main: 1.877.434.2894  |  Fax: 1.847.890.6644  |  Email: info@getbraintree.com
Corporate Headquarters: 848 West Bartlett Rd., Bartlett, IL 60103