Hi,
Hope someone can help me. After 2 weeks of grueling work I find that the customer checkout does NOT ask for the 3 digit number from the back of a credit card. I require this.
Miva support has been no help and I'm wondering if I will have to abandon this shopping cart from them.
Does anyone know code I can insert to require this and exactly where I would insert it?
All help is greatly appreciated.
Thank you!

What version of MIVA Merchant are you running and which Payment Module and Version?

Hi,
The Miva 5.2 .
Payment module ? (cmp-mv-paymentfields) I got the the volume pricing from William but I don't think that matters.
As far as version? In the module section there are several items listed. One says API Version, is that the version you mean?
Thanks,
Terri

You are running MIVA Merchant 5? Ok, what payment method?

Under Payment Configuration, which payment method(s) do you have checked to use?

Most of the bundled payment modules already support CVV2, unless you are runnning Credit Card with Simple Validation.

Hi,
I am using simple Validation because I own my own credit card processing machines.
I accept Visa and Master Card. I also use COD which is not a problem.

Hi Vic,
i f you can't help me please say so, I have 2 accounts to cancel.

You cannot collect CVV2 with Simple Validation.

It is a violation of your Merchant Account terms of service.

CVV is designed to be used in real time payment scenarios only. You risk SEVERE fines for breaking MasterCard & VISA's rules on this.

Sorry if it took some time to respond, but as with many others here - I have a company to run and volunteer my time to help others here when I can.

That is ridiculous! The CVC number deters theft. This whole miva is filled with loop holes and more of "you can buy this" and "you can buy this" than anything else.

Which is EXACTLY why you are not allowed to store or record it.

It has nothing to do with MIVA. Use one of the pre-installed real time gateways if you wish to use CVC/CVV2.

How can you say that requires you to purchase this or that?

If you cannot be a responsible online merchant, you should not be accepting credit cards.

That is ridiculous! The CVC number deters theft.

Responsible? We own our credit card processing equipment with zero problems in 11 years. YOU CAN KEEP YOUR INSULTS TO YOURSELF!
Buy this and buy that??? It's everywhere!!

It was not intended as an insult.

Even if you own your own processing equipment, that was designed for Card Present Transactions. NOT for taking internet orders/mail orders.

I dont make the processing rules, and am trying to provide you with information to protect you and your business.

If you want to risk $500,000 fines - thats up to you. So much for trying to help someone.


Responsible? We own our credit card processing equipment with zero problems in 11 years. YOU CAN KEEP YOUR INSULTS TO YOURSELF!
Buy this and buy that??? It's everywhere!!

Hopefully, someone can post the links to the VISA & Mastercard regulations regarding this. This has been a topic that has been hashed and rehashed for years. It has nothing to do with MIVA Merchant except for which online processor you use.

They have been posted in previous threads on CVV2.

Responsible? We own our credit card processing equipment with zero problems in 11 years. YOU CAN KEEP YOUR INSULTS TO YOURSELF!
Buy this and buy that??? It's everywhere!!

Please look at your merchant agreement. It doesn't matter what any of us think, I've yet to find a merchant agreement (or addendum to one) that allows the storing of the CVV. The CVV was put in place specifically to ensure verification. Names, card numbers and expiry dates are already stored; if we start storing the CVV, what next will be imposed?

Here's an article to start, at the Washington Post (http://www.washingtonpost.com/wp-dyn/content/article/2005/12/19/AR2005121900928.html).

QUOTE:
"Merchant guidelines published by both Visa and Mastercard require sellers to encrypt customer credit-card databases. They are also prohibited from retaining CVV numbers for any longer than it takes to verify a given transaction.

Companies that violate those standards can be fined $500,000 per violation. Credit card issuers generally levee such fines against the bank that processes payment transactions for the merchant that commits the violations. The fines usually are passed on to the offending company."

Now the line about "for any longer than it takes..." looks loose, but it's not. Storing the numbers un-encrypted (note that even with encryption and Simple Validation, "someone" sees those numbers) is a violation, and so is storage of CVV. Storing the CVV for, say, three days because that's when you plan to run the cards isn't what they mean. Ideally, merchant companies want people using gateways, so there's no security issues with employees seeing this data - because with it, it's all they need to start being someone else when paying for purchases on the Internet.

In short, storing the numbers so you and staff can view them defeats the purpose of the concept of CVV.