Manualshelf

Developer's Guide

ManualsBrandsPayPal ManualsSoftwarePayPal Gateway - 2012
71727374757677787980
Table Of Contents
Gateway Developer Guide and Reference 31 July 2012 75
Submitting Credit Card Transactions
Using Card Security Code
6
Using Card Security Code
The card security code is a 3- or 4-digit number (not part of the credit card number) that is
printed on the credit card. Because the card security code appears only on the card and not on
receipts or statements, the code provides some assurance that the physical card is in the
buyers possession.
This fraud prevention tool has various names, depending on the payment network. Visa calls it
CVV2, MasterCard calls it CVC2 while American Express and Discover call it CID. To make
sure that your customers see a consistent name, PayPal recommends use of the term card
security code on all end-user materials.
On most cards (Diners Club, Discover, Mastercard and Visa) the card security code is a 3-digit
number printed on the back of the card (usually in the signature field). All or part of the card
number appears before the card security code (567 in the example). American Express prints a
4-digit number (1122 in the example) on the front of the card, above and to the right of the
embossed account number. Make sure that you explain this to your customers.
To validate the card security code in a transaction, pass the card security code value in the
CVV2 parameter in your request. The response parameter CVV2MATCH returns the result of the
card security code check.
NOTE: To comply with credit card association regulations, do not store the card security code
value that you pass in the CVV2 parameter.
Card security code
The following is an example request parameter string.
TRXTYPE=S&TENDER=C&USER=SuperUser&PWD=SuperUserPassword&VENDOR=SuperUser&PA
RTNER=PayPal&ACCT=5105105105105100&EXPDATE=1215&CVV2=123&AMT=99.00&BILLTOFI
RSTNAME=John&BILLTOLASTNAME=Smith&BILLTOSTREET=123 Main St.&BILLTOCITY=San
Jose&BILLTOSTATE=CA&BILLTOZIP=12345
NOTE: Payflow returns the raw response from the processor in the PROCCVV2 parameter. For
details on the meaning of the response, contact your merchant bank.