The Card Verification Value, or CVV Number, on your credit card is a 3 or 4 digit number located on the back or front of your card, depending on the type of card. It is a security code used for card not present transactions.
The Payment Card Industry Data Security Standard (PCI DSS) prohibits the storage of the CVV. We at Spreedly pass along the CVV for the first authorize, purchase, or verify that you run against a card. Future transactions using that vaulted card do not include the CVV.
Some gateways and receivers have a default setting that requires a CVV for all payment transactions. If you would like to run recurring purchases against a vaulted credit card, you have two options:
- Turn off the CVV requirement by modifying your preferences at the gateway or receiver.
- Ask your customer for the CVV every time you charge the card.
If you need to send the card to multiple endpoints back to back, you also have the option to pass in
on a transaction to keep the CVV for a few minutes before it is automatically deleted.
Please note, the CVV code is not verified when a payment method is added, as no transaction is executed. Although a token will be returned, it is up to you to invoke a purchase or authorization from your secure, server-side environment to verify the CVV for the added payment method.
Common error messages from the gateway or receiver might include
gateway_processing_result_unknown. In cases like these, obtaining the transaction transcript and
providing it to the gateway or receiver would be the next steps.
You can also view common CVV/AVS response codes in order to troubleshoot further.