I got stuck using Authorize.net on a client's site - first time in a long time that I've worked with anything but Payflow. I'm finding that Authorize.net is not requiring the CVV2 code. It prompts for it, and if you enter the wrong one, you get an error. But if you leave it blank, the transaction goes through fine.

I have set every CVV2 setting in Authorize.net possible for rejecting based on CVV2 information being wrong. But according to them, if nothing is passed, they can't reject it.

Site is using version 4.24 of the module.

Is there a solution to this - other than using JavaScript to require that the field be filled in? (I hate hacks like that!)

Thanks,
Susan

I'm not familiar with all the "fraud prevention" options Authorize.net offers, but it's 100% up to them to provide you the tools to manage transactions based on the criteria YOU feel comfortable with. If you want them to decline transactions based on invalid (or missing) AVS code - they should have that option - just like Payflow Pro has with the various fraud protection packages. Contact Authnet support and ask them explicitly how/where to set this up on their end, or if there's a separate service package you need to sign up for and add to your account.

The customer needs to log into their AuthNet Web Terminal and under Security Settings, check the boxes for the CVV2 code responses they wish to reject on, including no code provided.


I got stuck using Authorize.net on a client's site - first time in a long time that I've worked with anything but Payflow. I'm finding that Authorize.net is not requiring the CVV2 code. It prompts for it, and if you enter the wrong one, you get an error. But if you leave it blank, the transaction goes through fine.

I have set every CVV2 setting in Authorize.net possible for rejecting based on CVV2 information being wrong. But according to them, if nothing is passed, they can't reject it.

Site is using version 4.24 of the module.

Is there a solution to this - other than using JavaScript to require that the field be filled in? (I hate hacks like that!)

Thanks,
Susan

Vic and Remik,

Thanks for the answers. We've done all that on the Authorize.net web terminal. And all of the following are checked:

Reject Transaction If Card Code value...
Does NOT Match (N)
Is NOT Processed (P)
Should be on card, but is not indicated (S)
Issuer is not certified or has not provided encryption key (U)

And we've called Authorize.net. They said that it's up to the client to make sure the CVV2 code is passed. If it's not, then their CVV2 validation won't kick in.

Granted, I've gotten wrong answers from tech support (other places) before, but this is what we were told.

--susan

PS - AVS seems to work fine. It's only CVV2 that we're having a problem with.

Ah... in that case, I'd contact MIVA to perhaps add an option not only to "Display the CVV2 field" but also to make it a "required field"... Right now you can ask for it, but it's not mandatory to actually fill it out. That would be a good, long term solution to this problem. Short term solution - Javascript on the payment page, validate the CVV2 entry box, and make it a required field (check for 3 or 4 numerical characters while you're at it).

Yeah that's all I could come up with too. Bummer. Thanks for validating though, as I wasn't sure if maybe things were just being messed up.

Susan

Hmm we use authoriznet also and have had no issues with this at all. All check are set for CVV2 ..as shown below, all are checked minus Amercian express that doesnt use CVV2 codes.

Below is the setup in the 3.1 payment module

American Express Display CVV2 Field (not available to card)
Diner's Club Display CVV2 Field (checked)
Discover Display CVV2 Field (checked)
JCB Display CVV2 Field (checked)
MasterCard Display CVV2 Field(checked)
Visa Display CVV2 Field(checked)

You are using the Authorize.Net Payment Services v3.1 arent you?

anyways, we havent to my knowledge, had any problems with this.

Dan,

Have you tried submitting a test order where CVV2 is blank - not incorrect, but completely blank? And you are saying that the module kicks back and makes them enter the CVV2 code?

Yes, it's the 3.1 module. v4.24.

Thanks,
Susan

Dan,

Have you tried submitting a test order where CVV2 is blank - not incorrect, but completely blank? And you are saying that the module kicks back and makes them enter the CVV2 code?

Yes, it's the 3.1 module. v4.24.

Thanks,
Susan
Yes mam..... It returns a required value is missing. The only one that doesnt do that is the one that doesnt have CVV2 available.