Validating Credit Card Information - CVV Numbers

sagar Shah picture sagar Shah · Nov 18, 2011 · Viewed 10.5k times · Source

I am using authorize.net {aim} for my payment gateway. I am using test authorize for developer account.

I have used https://test.authorize.net/gateway/transact.dll with C# and it successfuly works without error.

But my client needs to validate the cvv [Card Verification Value]. How can this be done?

Answer

user166390 picture user166390 · Nov 18, 2011

Outside of checking the format for basic sanity (e.g. 3 or 4 digits depending on card), the CVV can only be validated by having a payment approved/authorized, which should be done by your payment processor. See the Transaction Types documentation on .. drum roll .. authorize.net.

The Luhn (or similar) checksum used on the card number is designed to catch simple human entry errors, such as number transposition, and does not guarantee that the number is valid - just that it could be valid. There is no need to have a similar checksum on the CVV due to it's small size (3 or 4 digits) and doing so would reduce the value space which somewhat defeats the purpose of the CVV ..

Oh, and please don't say you're storing CVVs? That's very bad :-(

Happy coding.