[ic] CVV2

Josh Lavin josh at perusion.net
Wed Feb 13 22:04:30 UTC 2013 

Quoting DB (db at m-and-d.com):
> I've been using Skipjack as a gateway provider for years. I recently
> started requiring CVV2 codes on my checkout page. I asked Skipjack about
> transactions being declined based on CVV2 mismatch. I was told that they
> can't do that - they can ony require the field be populated, which of
> course I can do myself.
> 
> That seems kind of dumb to me. If a CVV2 mismatch is not used as a
> reason to decline a transaction, then what's the point of requiring it
> on my checkout page?
> 
> I'm interested in hearing what others do with CVV2 codes. It is hard to
> believe that what Skipjack told me is correct.

Yes, this is the case with at least Linkpoint and PayflowPro, too (but
not Authorize.net). To get around it, you have to send transactions as
authorizations (not sales), and then configure the payment module to
send an error to the customer if the CVV does not match. This is done
via a "check_sub" in the case of Linkpoint.pm. Looks like Skipjack.pm
would need to be updated to support this kind of functionality
(something a competent IC consultant could do).

Here is a snip from Linkpoint.pm:

----

This can come in handy since LinkPoint has no option to decline a charge
when AVS or CVV data come back negative.

If you want to fail based on a bad AVS/CVV check, make sure you're only
doing an auth -- not a sale, or your customers would get charged on
orders that fail the AVS/CVV check and never get logged in your system!

Add the parameters like this:

	Route  linkpoint  check_sub  link_check

This is a matching sample subroutine you could put in interchange.cfg:

	GlobalSub <<EOR
	sub link_check {
		my ($result) = @_;
		my $avs = $result->{r_avs};
		my ($addr, $zip, $nothing, $cvv) = split m{}, $avs;
#::logDebug("avs=$avs, addr=$addr zip=$zip banks=$nothing cvv=$cvv");
		return 1 if $addr eq 'Y' or $zip eq 'Y';
		return 1 if $addr eq 'X' and $zip eq 'X';
		return 1 if $cvv =~ /^[MPSUX]$/;
		$result->{MStatus} = 'failure';
		if ($cvv eq 'N' || '') {
			$result->{r_error} = "The card security code you entered
does not match. Additional failed attempts may hold your available
funds.";
		}
		else {
			$result->{r_error} = "The billing address you entered does
not match the cardholder's billing address. Additional failed attempts
may hold your available funds.";
		}
	}
	EOR

----

-- 
Josh Lavin
Perusion -- Expert Interchange Consulting    http://www.perusion.com/

More information about the interchange-users mailing list