Handling security code verification failures

There are two main reasons that a verifyCvc check while saving a card token can fail.

Incorrect card security code or card problem

If you submit a save card transaction where you have verifyCvc enabled and the specified card security code is not correct, then the matchCvv response returns as false and the cvvresponse returns as N. Although the verifyCvc check completed successfully, because the card security code was invalid, the system returns an HTTP status code of 400 and a Nexio error code of 437. In addition, the card token is not saved.

Other card problems from submitting this transaction also return the matchCvv as false and the card token does not get saved. The cvvresponse in the gateway message is also N for these cases. The message from the gateway provides additional detail about the specific problem, such as an expired card or insufficient funds.

The system shapes the response as shown in the example below.

Example Security Code Verification Failure
{
  "error": 437,
  "message": "Verify CVC Failed",
  "cvcResults": {
    "matchCvv": false,
    "error": false,
    "gatewayMessage": {
      "cvvresponse": "N",
      "message": "CVV2/CVC2 no match"
    }
  },
  "merchantId": "100100"
}

Error with a verification provider during the check

In addition to the card security code being incorrect, there may be a problem with doing the verification process. The error parameter will be set to true.

After getting any of these errors, you may want to delete the card token.

The following table lists the most common card CVC verification errors.

CVV Response CodeMessageDescription
PNot processedThis error indicates a general error that caused the verification check to not run at all. The card token is still saved.
SMerchant has indicated that CVV2/CVC2 is not present on cardThis error indicates that the merchant had a problem when doing the verification check, such as when a card security code is given but no code is associated with that card. The card token is still saved.
UIssuer is not certified and/or has not provided Visa encryption keysThis error indicates that the bank had a problem when doing the verification check. The card token is still saved.
XunknownThis error indicates that no card security code data was available.

The system shapes the response as shown in the example below (for this example, for the S code in the cvvresponse parameter).

Example Provider Verification Error
{
  "token": {...},
  "data": {...},
  "card": {...},
  "merchantId": "100100",
  "shouldUpdateCard": true,
  "kountResponse": {...},
  "cvcResults": {
    "error": true,
    "gatewayMessage": {
      "cvvresponse": "S",
      "message": "Merchant has indicated that CVV2/CVC2 is not present on card"
    }
  },
  "cardType": "visa"
}

Did this page help you?