[ic] CVV2 with Interchange

Ed LaFrance interchange-users@interchange.redhat.com
Wed Jan 23 12:48:01 2002 

At 10:23 AM 01/23/2002 -0500, you wrote:
>On Wed, 23 Jan 2002, Mike Heins wrote:
>
> > Once again, I advise against collecting CCV2, and *certainly* against
> > storing it anywhere. I know quite a few merchant providers who give
> > discounts for using AVS, but none that give a discount for CCV2.
> >
> > I know I would not fill my own in on a form; it is my protection
> > against fraud. If it is not embossed on the card, it should not
> > be left as an "impression" on the site.
> >
> > If your payment gateway includes it as a "best practice" item in their
> > recommended implementation, perhaps they have a rationale in this. At
> > that point, if you collect and use it in your gateway implementation, I
> > would strongly recommend putting
> >
> >       FormIgnore  mv_credit_card_ccv2
> >
> > in catalog.cfg. That prevents it from being stored in the session,
> > just like mv_credit_card_number is not stored now. It could still
> > be used in the gateway module by bringing it from the $CGI reference.
>
>Actually, since sometime in the IC 4.7.x timeframe, mv_credit_card_cvv2
>has been on the list of CGI variables not to add to the session, like
>mv_credit_card_number, so the above shouldn't be necessary.
>
>Jon

FWIW, I think we will be seeing more of this requirement in the near 
future.  Especially among third-party processors ("aggregators") like the 
on I use; they have just notified me that effective Feb 1, the CVV2 will be 
required for all credit card transactions.  While I understand Mike Heins' 
hesitation to key it in on a web form for fear of compromising his 
protection against fraud, I'm afraid that the CC co's and gateway providers 
look at it from a different angle: it is *their* extra measure of 
protection against being defrauded.

- Ed L.


===============================================================
New Media E.M.S.               Software Solutions for Business
463 Main St., Suite D          eCommerce | Consulting | Hosting
Placerville, CA  95667         edl@newmediaems.com
(530) 622-9421                 http://www.newmediaems.com
(866) 519-4680 Toll-Free       (530) 622-9426 Fax
===============================================================