We are using PHP, and I inherited this 'old' code that is currently used in our Production environment.
Recently (Dec.4) we had a customer that used about 20 different VISA cards, that were all denied before a purchase was finally made, which we later refunded as it did not seem legit.
My colleague spoke with Moneris and we have now implemented measures to prevent this from happening in the future (only allow 3 attempts).
Moneris also came up with the next information, which I don't understand, hopefully I will get this clarified here:
- Declined CVV's should not be submitted to moneris - I wasn't even aware this was happening.
We are using CVD and AVS for fraud detection, but the transaction will always go through and our policy is to ask for additional identification of the customer (which is usually supplied) to determine if we need to refund the amount and decline the purchase or not.
Now, most of these transactions did not go through (declined by Moneris), so I am wondering what does Moneris mean with "Declined CVV's should not be submitted to moneris"???
In reply to MB_Moneris:
In reply to GaryS:
The CVD response code listing. You can find it in the "Testing" section in the footer of the developer portal or at the link below.