My Profile_


Encrypted Card Verification with CVD and AVS

Verifies the validity of the credit card, expiry date and any additional details (such as the Card Verification Digits or Address Verification details). It does not verify the available amount or lock any funds on the credit card.

The Card Validation Digits (CVD) value refers to the numbers appearing on the back of the credit card rather than the numbers imprinted on the front. It is an optional fraud prevention tool that enables merchants to verify data provided by the cardholder at transaction time. This data is submitted along with the transaction to the issuing bank, which provides a response indicating whether the data is a match.

The response that is received from CVD verification is intended to provide added security and fraud prevention, but the response itself does not affect the completion of a transaction. Upon receiving a response, the choice whether to proceed with a transaction is left entirely to the merchant. The response is not a strict guideline of which transaction will approve or decline.

Address Verification Service (AVS) is an optional fraud-prevention tool offered by issuing banks whereby a cardholder's address is submitted as part of the transaction authorization. The AVS address is then compared to the address kept on file at the issuing bank. AVS checks whether the street number, street name and zip/postal code match. The issuing bank returns an AVS result code indicating whether the data was matched successfully. Regardless of the AVS result code returned, the credit card is authorized or declined by the issuing bank.

The response that is received from AVS verification is intended to provide added security and fraud prevention, but the response itself does not affect the completion of a transaction. Upon receiving a response, the choice to proceed with a transaction is left entirely to the merchant. The responses is not a strict guideline of whether a transaction will be approved or declined.

Things to consider:

  • CVD is only supported by Visa, MasterCard and American Express.
  • AVS is only supported by Visa, MasterCard, Discover and American Express.
  • When testing CVD or AVS, you must only use the Visa test card numbers 4242424242424242 or 4005554444444403, and the amounts described in the Simulator eFraud Response Codes Table.
  • For a full list of possible AVS & CVD result codes refer to the CVD and AVS Result Code tables.

Security:The CVD value must only be passed to the payment gateway. Under no circumstances may it be stored for subsequent uses or displayed as part of the receipt information.

This transaction allows for the ability to swipe or key in data into a Moneris-provided encrypted MSR device and pass the encrypted track 2 value to process a card not present transaction.

Canada Code Sample

package Canada;

import JavaAPI.*;

public class TestCanadaEncCardVerification
{
	public static void main(String[] args)
	{
		String store_id = "store5";
		String api_token = "yesguy";
		java.util.Date createDate = new java.util.Date(); 
		String order_id = "Test"+createDate.getTime();
		String cust_id = "customer1";
		
		String processing_country_code = "CA";
		boolean status_check = false;
		String device_type = "idtech_bdk";
		String enc_track2 = "02840085000000000416570F44857F2F7867342C66F7CDB57128A48F6E8DD8AD30AC1A6C727B5C400DC3AC8169BF2398B6C664FD3BE40431383131FFFF3141594047A00093031D03";
		String crypt_type = "7";

		AvsInfo avsCheck = new AvsInfo();
		avsCheck.setAvsStreetNumber("212");
		avsCheck.setAvsStreetName("Payton Street");
		avsCheck.setAvsZipCode("M1M1M1");

		CvdInfo cvdCheck = new CvdInfo();
		cvdCheck.setCvdIndicator("1");
		cvdCheck.setCvdValue("099");

		EncCardVerification encCardVerification = new EncCardVerification();
		encCardVerification.setOrderId(order_id);
		encCardVerification.setCustId(cust_id);
		encCardVerification.setEncTrack2(enc_track2);
		encCardVerification.setDeviceType(device_type);
		encCardVerification.setCryptType(crypt_type);
		encCardVerification.setAvsInfo(avsCheck);
		encCardVerification.setCvdInfo(cvdCheck);

		HttpsPostRequest mpgReq = new HttpsPostRequest();
		mpgReq.setProcCountryCode(processing_country_code);
		mpgReq.setTestMode(true); //false or comment out this line for production transactions
		mpgReq.setStoreId(store_id);
		mpgReq.setApiToken(api_token);
		mpgReq.setTransaction(encCardVerification);
		mpgReq.setStatusCheck(status_check);
		mpgReq.send();

		try
		{
			Receipt receipt = mpgReq.getReceipt();

			System.out.println("CardType = " + receipt.getCardType());
			System.out.println("TransAmount = " + receipt.getTransAmount());
			System.out.println("TxnNumber = " + receipt.getTxnNumber());
			System.out.println("ReceiptId = " + receipt.getReceiptId());
			System.out.println("TransType = " + receipt.getTransType());
			System.out.println("ReferenceNum = " + receipt.getReferenceNum());
			System.out.println("ResponseCode = " + receipt.getResponseCode());
			System.out.println("Message = " + receipt.getMessage());
			System.out.println("AuthCode = " + receipt.getAuthCode());
			System.out.println("Complete = " + receipt.getComplete());
			System.out.println("TransDate = " + receipt.getTransDate());
			System.out.println("TransTime = " + receipt.getTransTime());
			System.out.println("Ticket = " + receipt.getTicket());
			System.out.println("TimedOut = " + receipt.getTimedOut());
			System.out.println("CardLevelResult = " + receipt.getCardLevelResult());
		}
		catch (Exception e)
		{
			e.printStackTrace();
		}
	}
}

                
USA Code Sample

package USA;

import JavaAPI.*;

public class TestUSAEncCardVerification
{
	public static void main(String[] args)
	{
		String store_id = "monusqa002";
		String api_token = "qatoken";
		java.util.Date createDate = new java.util.Date(); 
		String order_id = "Test"+createDate.getTime();
		String cust_id = "customer1";
		
		String processing_country_code = "US";
		boolean status_check = false;
		String device_type = "idtech";
		String enc_track2 = 
			"02D901801F4F2800039B%*4924********4030^TESTCARD/MONERIS^***************************************"
			+ "**?*;4924********4030=********************?*A7150C78335A5024949516FDA9A68A91C4FBAB1279DD1DE2283D"
			+ "BEBB2C6B3FDEACF7B5B314219D76C00890F347A9640EFE90023E31622F5FD95C14C0362DD2EAB28ADEB46B8B577DA1A1"
			+ "8B707BCC7E48068EFF1882CFB4B369BDC4BB646C870D6083239860B23837EA91DB3F1D8AD066DAAACE2B2DA18D563E4F"
			+ "1EF997696337B8999E9C707DEC4CB0410B887291CAF2EE449573D01613484B80760742A3506C31415939320000A00028"
			+ "3C5E03";

		AvsInfo avsCheck = new AvsInfo();
		avsCheck.setAvsStreetNumber("212");
		avsCheck.setAvsStreetName("Payton Street");
		avsCheck.setAvsZipCode("M1M1M1");

		CvdInfo cvdCheck = new CvdInfo();
		cvdCheck.setCvdIndicator("1");
		cvdCheck.setCvdValue("099");

		EncCardVerification encCardVerification = new EncCardVerification();
		encCardVerification.setOrderId(order_id);
		encCardVerification.setCustId(cust_id);
		encCardVerification.setEncTrack2(enc_track2);
		encCardVerification.setDeviceType(device_type);
		encCardVerification.setAvsInfo(avsCheck);
		encCardVerification.setCvdInfo(cvdCheck);

		HttpsPostRequest mpgReq = new HttpsPostRequest();
		mpgReq.setProcCountryCode(processing_country_code);
		mpgReq.setTestMode(true); //false or comment out this line for production transactions
		mpgReq.setStoreId(store_id);
		mpgReq.setApiToken(api_token);
		mpgReq.setTransaction(encCardVerification);
		mpgReq.setStatusCheck(status_check);
		mpgReq.send();

		try
		{
			Receipt receipt = mpgReq.getReceipt();

			System.out.println("CardType = " + receipt.getCardType());
			System.out.println("TransAmount = " + receipt.getTransAmount());
			System.out.println("TxnNumber = " + receipt.getTxnNumber());
			System.out.println("ReceiptId = " + receipt.getReceiptId());
			System.out.println("TransType = " + receipt.getTransType());
			System.out.println("ReferenceNum = " + receipt.getReferenceNum());
			System.out.println("ResponseCode = " + receipt.getResponseCode());
			System.out.println("Message = " + receipt.getMessage());
			System.out.println("AuthCode = " + receipt.getAuthCode());
			System.out.println("Complete = " + receipt.getComplete());
			System.out.println("TransDate = " + receipt.getTransDate());
			System.out.println("TransTime = " + receipt.getTransTime());
			System.out.println("Ticket = " + receipt.getTicket());
			System.out.println("TimedOut = " + receipt.getTimedOut());
			System.out.println("CardLevelResult = " + receipt.getCardLevelResult());
		}
		catch (Exception e)
		{
			e.printStackTrace();
		}
	}
}

                

Encrypted Card Verification - Transaction Values

EncCardVerification encCardVerification = new EncCardVerification();

HttpsPostRequest mpgReq = new HttpsPostRequest();

mpgReq.setTransaction(encCardVerification);

Encrypted Card Verification object mandatory values

VALUE TYPE LIMITS SET METHOD DESCRIPTION
Order ID String 50-character alphanumeric encCardVerification.setOrderId(order_id); Merchant-defined transaction identifier that must be unique for every Purchase, Pre-Authorization and Independent Refund transaction. No two transactions of these types may have the same order ID.   For Refund, Completion and Purchase Correction transactions, the order ID must be the same as that of the original transaction.   Canada: The last 10 characters of the order ID are displayed in the “Invoice Number” field on the Merchant Direct Reports. However only letters, numbers and spaces are sent to Merchant Direct.   A minimum of 3 and a maximum of 10 valid characters are sent to Merchant Direct. Only the last characters beginning after any invalid characters are sent. For example, if the order ID is 1234-567890, only 567890 is sent to Merchant Direct.   US: The last 32 characters of the order ID are sent on to the Client Line settlement reports.   For either countries, If the order ID has fewer than 3 characters, it may display a blank or 0000000000 in the Invoice Number field.
Encrypted Track 2 data String   encCardVerification.setEncTrack2 (enc_track2); String that is retrieved by swiping or keying in a credit card number through a Moneris-provided encrypted mag swipe card reader. It is part of an encrypted keyed or swiped transaction only. This string must be retrieved by a specific device. (See Device Type below for the list of current available devices.)
Device Type String 30 – character alphanumeric encCardVerification.setDeviceType (device_type); Type of encrypted mag swipe reader that was used to read the credit card. This must be a Moneris-provided device so that the values are properly encrypted and decrypted. This field is case-sensitive. Available values are: "idtech".

Encrypted Card Verification optional values

VALUE TYPE LIMITS SET METHOD DECRIPTION
Customer ID String 50-character alphanumeric encCardVerification.setCustId(cust_id); This can be used for policy number, membership number, student ID, or invoice number. This field is searchable from the Moneris Merchant Resource Centre.

Encrypted Card Verification transaction conditional values

VALUE TYPE LIMITS SET METHOD DESCRIPTION
AVS Object Not applicable. AvsInfo avsCheck = new AvsInfo(); encCardVerification.setAvsInfo(avsCheck); Note: AVS & CVD are mandatory for US. It is optional for Canada. Refer below for further breakdown and definition.
CVD Object Not applicable. CvdInfo cvdCheck = new CvdInfo(); encCardVerification.setCvdInfo(cvdCheck); Note: AVS & CVD are mandatory for US. It is optional for Canada. Refer below for further breakdown and definition.

CvdInfo object mandatory values

VALUE TYPE LIMITS SET METHOD DESCRIPTION
CVD indicator String 1-character numeric cvdCheck.setCvdIndicator("1"); CVD presence indicator: 
0: CVD value is deliberately bypassed or is not provided by the merchant. 
1: CVD value is present. 
2: CVD value is on the card, but is illegible. 
9: Cardholder states that the card has no CVD imprint.
CVD Value String 4-character numeric cvdCheck.setCvdValue("099"); CVD value located on credit card. The CVD value (supplied by the cardholder) must only be passed to the payment gateway. Under no circumstances may it be stored for subsequent use or displayed as part of the receipt information.

AvsInfo object mandatory values

VALUE TYPE LIMITS SET METHOD DESCRIPTION
AVS street number String 19-character alphanumeric1 avsCheck.setAvsStreetNumber("212"); Cardholder street number.
AVS street name String See AVS street number avsCheck.setAvsStreetName("Payton Street"); Cardholder street name.
AVS zip/postal code String 9-character alphanumeric avsCheck.setAvsZipCode("M1M1M1"); Cardholder zip/postal code

CVD & AVS Response Fields

VALUE LIMITS GET METHOD DESCRIPTION
CVD result code 2-character alphanumeric receipt.getCvdResultCode(); Indicates the CVD validation result. The first byte is the numeric CVD indicator sent in the request; the second byte is the response code. Possible response codes are shown in the CVD Result Code table.
AVS result code 1-character alphanumeric receipt.getAvsResultCode(); Indicates the address verification result. For a full list of possible response codes refer to the AVS Result Code table.

Predecessors
  • None
Successors
  • Encrypted Purchase (API)
  • Encrypted Mag Swipe Purchase (API)
  • Encrypted Pre-Authorization (API)
  • Encrypted Mag Swipe Pre-Authorization (API)
  • Encrypted Independent Refund (API)
  • Encrypted Mag Swipe Independent Refund (API)
  • Encrypted Force Post (API)
  • Encrypted Mag Swipe Force Post (API)
  • Encrypted Vault Add Credit Card (API)
  • Encrypted Vault Update Credit Card (API)
  • Vault Tokenize Credit Card (API)