Handling security code verification failures
There are two main reasons that a verifyCvc check while saving a card token can fail.
- Incorrect card security code or similar problem.
- Error with some part of the security code process outside of Nexio, such as an error with a verification provider.
Incorrect card security code or card problem
If you submit a save card transaction where you have verifyCvc enabled and the specified card security code is not correct, then the matchCvv response returns as false and the cvvresponse returns as N. Although the verifyCvc check completed successfully, because the card security code was invalid, the system returns an HTTP status code of 400 and a Nexio error code of 437. In addition, the card token is not saved.
Other card problems from submitting this transaction also return the matchCvv as false and the card token does not get saved. The cvvresponse in the gateway message is also N for these cases. The message from the gateway provides additional detail about the specific problem, such as an expired card or insufficient funds.
The system shapes the response as shown in the example below.
{
"error": 437,
"message": "Verify CVC Failed",
"cvcResults": {
"matchCvv": false,
"error": false,
"gatewayMessage": {
"cvvresponse": "N",
"message": "CVV2/CVC2 no match"
}
},
"merchantId": "100100"
}
Error with a verification provider during the check
In addition to the card security code being incorrect, there may be a problem with doing the verification process. The error parameter will be set to true.
After getting any of these errors, you may want to delete the card token.
The following table lists the most common card CVC verification errors.
| CVV Response Code | Message | Description |
|---|---|---|
| P | Not processed | This error indicates a general error that caused the verification check to not run at all. The card token is still saved. |
| S | Merchant has indicated that CVV2/CVC2 is not present on card | This error indicates that the merchant had a problem when doing the verification check, such as when a card security code is given but no code is associated with that card. The card token is still saved. |
| U | Issuer is not certified and/or has not provided Visa encryption keys | This error indicates that the bank had a problem when doing the verification check. The card token is still saved. |
| X | unknown | This error indicates that no card security code data was available. |
The system shapes the response as shown in the example below (for this example, for the S code in the cvvresponse parameter).
{
"token": {...},
"data": {...},
"card": {...},
"merchantId": "100100",
"shouldUpdateCard": true,
"kountResponse": {...},
"cvcResults": {
"error": true,
"gatewayMessage": {
"cvvresponse": "S",
"message": "Merchant has indicated that CVV2/CVC2 is not present on card"
}
},
"cardType": "visa"
}
Updated over 1 year ago