The CVV Number on your credit card is a 3 or 4 digit number located on the back or the front of your card, depending on the type of card. It’s a security code used for card not present transactions.
The Payment Card Industry Data Security Standard (PCI DSS) prohibits the storage of the CVV. We at Spreedly pass along the CVV to your gateway for the first authorize, purchase, or verify that you run against a card. Future transactions using that vaulted card do not include the CVV.
Some gateways have a default setting that requires a CVV for all payment transactions. If you’d like to run recurring purchases against a vaulted credit card, you have two options:
- Turn off the CVV requirement in your gateway preferences.
- Ask your customer for the CVV every time you charge the card.
If you need to send the card to multiple endpoints back to back you also have the option to pass in
on a transaction to keep the cvv for a few minutes before it is automatically deleted.
Please note, the CVV code is not verified when a payment method is added, as no transaction is executed. A token will be returned, however it is up to you to invoke a purchase or authorization from your secure, server-side environment to verify the CVV for the added payment method.
Common error messages from the gateway might include
gateway_processing_result_unknown. In cases like those, obtaining the transaction transcript and
providing it to the gateway would be the next steps.
You can also view common CVV/AVS response codes in order to further troubleshoot.