Authorize.net-What options to use for CCV code?

**markw10** · 07-04-2008, 04:58 PM

I am configuring my Authorize.net account for my new website and there is a section where I can select how to handle the CCV codes for credit cards. I have the following screen for my setup:

Select the conditions for which the Payment Gateway should reject a transaction when the Card Code submitted does not match the value on file with the customer's credit card company.
Reject Transaction If Card Code value...
Does NOT Match (N)
Is NOT Processed (P)
Should be on card, but is not indicated (S)
Issuer is not certified or has not provided encryption key (U)

My idea is I should set it to reject the card code value if it does not match. I want to protect against fraud and my thoughts is anyone with the card in their hand should know the code. Maybe some people haven't heard of it if they haven't done much online shopping or may not know where to find it on the card. Since this is a new website for me and my first time using direct credit card processing (my only experience is Paypal) what in general is good settings for this?

**michael_s** · 07-04-2008, 06:17 PM

Reality: real fraudsters will already have the CVV code, so that setting is fairly useless for preventing fraud, but having it on could reduce the discount rate you pay per transaction.

I have it reject if the CVV code does not match.

**TerryGbutler** · 02-16-2009, 08:48 AM

It really depends on your risk category. You do gain some fraud protection from getting the card code, but the biggest protection comes from getting the address match, and then shipping only to that address. For big ticket sales I actually ask customers to add the shipping address as an authorized billing address with their customer if they want it shipped to an address other than the billing address. This is extreme maybe but for big ticket items people understand. So, I say require the CVV but make sure your site is friendly, and it lets folks know to call or email if they have a problem, some banks are iffy when it comes to transmitting code info quick enough for the gateway to reply (little credit unions, Canadian banks etc)