Show payment method endpoint: "verification_value" field in response
Answered
I have a clarifying question about the show payment method endpoint (/v1/payment_methods/<payment_
Thank you!
-
Official comment
Hi Grady,
Thanks for your question! Due to PCI constraints, our system scrubs the CVV after a short period, which affects how information is displayed using the show payment method call.
If you use the show call to view a payment method and see:
"verification_value": "XXX"
Then the CVV was passed in during the creation of the payment method.
However, you may see the following:
"verification_value": ""
An empty string means that the CVV may or may not have been sent. In this case, the best practice for confirming whether or not the CVV was passed in on the initial transaction is:
- Using our API, go back and pull the creation of the payment method and the very first transaction made using the payment method
- Compare the `created_at` timestamps for the creation of the payment method, and the first transaction that follows it. If the first transaction was in close succession to the payment method creation, the `verification_value` field is indicative of presence/absence of CVV (where 'XXX' indicates presence of CVV)
- Depending on your gateway, you may also be getting an AVS field that will say "CVV Matches" or something of the sort. This field can also be used to confirm the presence of the CVV.
In short, the show payment method call can sometimes be unreliable due to how secure information is scrubbed from our database. However, drilling down to the moment a payment method was first created and used in a transaction can yield a more reliable answer.
Best,
Danae
Comment actions
Please sign in to leave a comment.
Comments
1 comment