Visa CVV impact on existing batch Payment or Vault/Tokenization

Hi There,

 

Our firm is planning to implement Moneris vault to tokenize our customers' CC and we are already using Moneris batch upload for charging our CC clients. We recently came across https://community.moneris.com/blogs/b/announcements/posts/expanded-use-of-visa-card-verification-value-2-cvv2 and wonder if that will impact us in any way, i.e. starting to capture CVV from our customers when asking for their CC details OR asking all of our old CC customers to provide CVV for our batch upload.

 

A prompt response will really be appreciated. 

  • The input of CVD will be mandatory for any one time e-commerce transactions as well as the first transaction for credential on file transactions.
  • In reply to MB_Moneris:

    Just to recap, you mean to say that CVV is mandatory for all one-time transactions and we need to capture CVV for future customers (to be stored in Moneris vault) who we would charge recurrently/monthly via batch/file transactions; please correct me if my understanding is not correct.

    And do you mean that for all of our existing customers (who, at the moment, are charged recurrently/monthly via Moneris batch/file transaction) we don't need to provide CVV because it's not their first transaction?
  • In reply to Sajid:

    The CVD cannot be stored (PCI regulations).
    Any single e-commerce payment (not CoF) requires the CVD.
    The first transaction as part of a Credentials on File (CoF) transaction will require the CVD.
    Recurring transactions (considered CoF) only require the first transaction to have the CVD; the subsequent transactions do not require it. They will require the additional CoF fields to be included.
  • In reply to MB_Moneris:

    Pardon me for my confusion, perhaps I wasn't clear in my explanation.

    1) We have thousands of customers for whom we don't have CVD but we have been processing them on a monthly/recurring basis via Moneris (via a batch file). As per VISA's new regulations, do we need to contact all of them to acquire their CVD or are they exempted from current implications because it's not their first transaction, i.e. we have already been charging them regularly for a long time?

    2) Furthermore, if CVD can't be stored then how will it work for us in most of our CC tokenization? Let's say we tokenize a CC (along with CVD) but we don't charge them right away but will charge them at the end/start of the month.
  • In reply to Sajid:

    1) Existing accounts do not need to pass the CVD, they will need to pass the credential on file details come October.
    2) You would need to process at least a card verification or pre-auth with the CVD.
  • In reply to MB_Moneris:

    Thanks for your clarity, but we have a couple more questions related to it:
    1) What are the credential on file (CoF) fields/details? What do they consist of? Will they be returned after we do a first transaction?
    2) Definition of recurrent transaction? Does this mean we have to charge a fixed amount every month? What will happen if we have variable amount transactions every month?
  • In reply to Sajid:

    1) You can find the details on GitHub:

    https://github.com/moneris?utf8=%E2%9C%93&q=credential+on+file&type=&language=

     

    2) A recurring does not need to be the same amount, it should be based on a specific period.

  • In reply to MB_Moneris:

    Our team, after discussion, came up with a few more questions, which are:

    1. For all of our existing customers, how can we obtain CoF before October since we don't have a CVD for them?
      1. Can CoF be obtained for all of them if we move them into Moneris vault (keep in mind that we don't have CVD for any of them)?
    2. If we tokenize a CC (and store it in Moneris vault) via Moneris iframe, does this mean a card verification will be done automatically by Moneris and we will have a CoF along with a Token as well?

    3. If we obtain a CoF, do we need to store it in our system or will it be available in Moneris vault,
      i.e. for recurrent transactions should we only provide a Token and amount (and Moneris will pick CoF from their vault)
      or
      should we provide CoF along with it (in this case CoF will be stored in our system; will that impact our PCI compliance)?