Per PCI Guidelines, we cannot retain a CVV with a payment method, only cache it temporarily. For this reason, it is only available for a single use or a few minutes, whichever comes first.
Some gateways and receivers have a default setting that requires a CVV for all payment transactions. If you would like to run recurring purchases against a vaulted credit card, you have two options:
- Turn off the CVV requirement by modifying your preferences at the gateway or receiver.
- Ask your customer for the CVV every time you charge the card.
If you need to send the card to multiple endpoints back to back, you also have the option to pass in the continue_caching flag on a transaction to keep the CVV for a few minutes before it is automatically deleted.