How to safely re-capture the CVV?

Follow

Theo Gravity

September 13, 2017 17:48

I noticed in the recache API, you send in the CVV as plaintext. I'd like to have the user re-enter their CVV with an already stored payment to verify ownership. Is it possible to just ask for the CVV in the iFrame and use the recache API to send the CVV?

0

• Official comment

  

  Permanently deleted user September 13, 2017 19:33

  Hi Theo,

  Thanks for your question!

  Our supported method of recaching the CVV via the iFrame can be found here: https://docs.spreedly.com/reference/iframe/v1/#recache

  Were you wanting to use https://docs.spreedly.com/reference/api/v1/#recache instead? If so, I'm not sure we've had any customers attempt that method. Could you share your use-case?

  Feel free to email us at support@spreedly.com if there's any sensitive information you prefer not to share in the community.

   

  Comment actions Permalink
• 

  Theo Gravity September 13, 2017 20:41

  Sure.

  - The payment is already stored in the vault

  - During the checkout flow, we want to re-prompt for CVV

  - Update the payment with the new CVV and validate (this may be a combined step)

  We're unsure if for PCI compliance reasons, the CVV can be transmitted in plaintext from our server to Spreedly.

   

  0

  Comment actions Permalink
• 

  Permanently deleted user September 14, 2017 13:35

  Hi Theo,

  If using the iFrame's `recache` functionality, the CVV will not hit your servers at all so there'd be no need to worry about that. If you plan to capture the CVV outside the iFrame and use our recache API, the CVV would be sent over HTTPs rather than plain text.

  0

  Comment actions Permalink

Please sign in to leave a comment.