Why is verifying card details important?

As with other types of "pull" payment methods, card transactions are reversible. In other words, you might assume a payment has been completed and it is final, only to find out weeks later that it has been reversed.

While reversible payments are useful for end users and provide them with stronger protection, they are also a reason to think very carefully about how to minimize payment reversals. End users have several reasons to pursue a payment reversal, but many times the root cause is a fraudulent transaction in the first place.

🚧
Fraud Liability
You are ultimately liable for any and all losses caused by fraudulent transactions or other types of payment reversals.

Essentially you want to have a reasonable level of certainty that the end user using your product is actually in control of the payment method being used. Verifying card details is a tool to help ensure that is the case.

CVV Verification

What is CVV?

CVV stands for card verification value, also known as card verification code (CVC). It is a code part of a debit or credit card that is private to the end user. Asking for the CVV of a debit or a credit card is a way to increase the level of confidence that the end user is actually in physical possession of the card, given that databases of stolen cards often don't include the CVV.

CVV Check

CVV check must be performed at the time of card creation but is optional at the time of payment creation. If the CVV check is successful at the time of card creation, you can assume that card is "good" for future payments, and you can opt not to run CVV checks for subsequent payments for that card.

You can come up with more sophisticated rules where you run CVV checks for subsequent payments depending on the payment amount (if it's significantly higher than usual) and other risk variables. Keep in mind that not running CVV checks during payments time significantly reduces your ability to dispute payment reversals later on.

CVV is sent to the API encrypted in the encryptedData field. Check the encryption section of the accepting card payments guide for more details.

Code	Description
pending	Check in progress
pass	Value matched
fail	Value not matched
unavailable	Card issuer does not support CVV check
not_requested	Check not requested (only for payment request - CVV is always attempted for card creation)

Address Verification

What is AVS?

Address Verification Service (AVS) is another mechanism that customers can use to prevent card fraud. The address verification service compares the billing address submitted by the end user against the billing address kept on file by the card issuer.

📘
AVS Coverage
The address verification check only applies to cards issued in the United States, Canada, and the United Kingdom.

The AVS Check

The address verification check is executed automatically for every card creation and payment creation transaction. The check can compare 2 distinct parts of the end user's billing address: the postal code, and the first address line.

Code	Summary	Description
A	Partial match	Street address matches, but both 5-digit and 9-digit ZIP Code do not match.
B	Partial match	Street Address Match for International Transaction. Postal Code not verified due to incompatible formats.
C	Verification unavailable	Street Address and Postal Code not verified for International Transaction due to incompatible formats.
D	Full Match (International Transaction)	Street Address and Postal Code match for International Transaction.
E	Data invalid	AVS data is invalid or AVS is not allowed for this card type.
F	Full Match (UK only)	Street address and postal code match. Applies to U.K. only.
G	Verification unavailable	Non-US Issuer does not participate.
I	Verification unavailable	Address information not verified for international transaction.
K	Address mismatch	Card member’s name matches but billing address and billing postal code do not match.
L	Partial match	Card member’s name and billing postal code match, but billing address does not match.
M	Full match (International Transaction)	Street Address match for international transaction. Address and Postal Code match.
N	No match	No match for address or ZIP/postal code.
O	Partial match	Card member’s name and billing address match, but billing postal code does not match.
P	Partial match (International Transaction)	Postal code match. Acquirer sent both postal code and street address, but street address not verified due to incompatible formats.
R	Verification unavailable	Issuer system unavailable, retry.
S	Verification unavailable	AVS not supported
U	Verification unavailable	Address unavailable
W	Partial match	Postal code matches but address does not match
X	Full match	Street address and postal code match
Y	Full match	Street address and postal code match
Z	Partial match	5 digit zip code match only
-	Verification unavailable	An error occurred attempting AVS check

Running CVV and AVS Checks

Card Creation Time

The results of the verification checks are returned in the verification property of the response. The checks are done asynchronously so the value of verification.cvv and verification.avs will be initially be returned as pending. You will need to poll the GET /cards/{id} endpoint or use a subscription notification to wait for the checks to complete and inspect the returned values.

For more details, check the create card endpoint.

Payment Time

When creating a payment, you have 2 options in terms of card verification. If the value of the verification property in the request is cvv then a CVV check will be performed, with a value of none or three_d_secure the CVV check is skipped. As with the card creation request the verification results will be returned in the verification property of the payment response.
If a CVV check is requested and the result is not pass then the payment will be failed. An AVS check will be performed for cvv three_d_secure and none values but the payment will not be failed in the case of a mismatch.
For more details, check the create payments endpoint.