0
votes

With regard to the PayPal PayFlow Pro service, is it possible to pass through a CVV number when creating a recurring profile?

Currently on our site we only ask for a credit card number and expiry date when creating a recurring profile; however, we would now like to request the CVV number to improve cardholder verification and, I guess, ultimately reduce the likelihood of potential fraud.

According to the documentation:

https://www.paypalobjects.com/webstatic/en_US/developer/docs/pdf/pp_payflowpro_recurringbilling_guide.pdf

CVV isn't listed as a parameter for the "ADD" action as part of the recurring billing service; however, if you do pass it as a parameter, the response back contains information related to CVV validation as follows:

CVV2MATCH => N,
PROCCVV2 => N

What's interesting is that testing this in the PayPal Sandbox with an invalid CVV number, the response I get back is as follows:

Request:
TRXTYPE => R,
TENDER => C,
ACTION => A,
ACCT => 4111-XXXX-XXXX-1111,
CVV2 => XXX,
EXPDATE => 0518,
START => 04162014,
MAXFAILPAYMENTS => 1,
RETRYNUMDAYS => 2,
TERM => 0,
PAYPERIOD => YEAR,
AMT => 50.00,
PROFILENAME[9] => test_1234,
OPTIONALTRX => A,
COMMENT1[14] => Recurring Plan,

Response:
RESULT => 0,
RPREF => R1056C75AF08,
PROFILEID => RT0000014434,
RESPMSG => Approved,
TRXRESULT => 0,
TRXPNREF => A70A6ABE7817,
TRXRESPMSG => Verified,
AUTHCODE => 407PNI,
CVV2MATCH => N,
HOSTCODE => A,
PROCCVV2 => N,
VISACARDLEVEL => 12

As you can see, although the CVV validation failed ("CVV2MATCH => N", which means there was no match), the transaction went through successfully ("RESULT => 0, TRXRESULT => 0") and the recurring profile was subsequently created.

One would expect that a non-matching CVV would result in the transaction failing, not succeeding.

Is there something that I've incorrectly assumed or am doing wrong? Is there a setting somewhere in PayPal Manager that needs to be enabled/disabled to deny transactions if CVV validation fails, or is this simply some bug in the PayPal Sandbox?

Any help would be much appreciated.

Regards.

1 Answer

0
votes

Security code services are supported on the Payflow platform, though not required in all cases. You should be able to create a "Fraud Filter" within your manager account that will act on the CVV2 response as you see fit. To access these filters, log in to manager.paypal.com and click on "Service Settings." From there, click the sub-heading "Fraud Protection." Here you will be able to construct custom filters based on the results returned for each transaction.

Hope this helps!
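The following is an added example, not part of the original question or answer and not PayPal code: an application-side check that parses a response like the one in the question and refuses to treat the profile as verified when `RESULT` is 0 but `CVV2MATCH` is not a match. The `name=value&...` wire format, the rule that only `Y` counts as a match, and the function names `parse_nvp` and `evaluate_profile_response` are assumptions made for this sketch.

```python
import re

# Constructed sample: the response fields shown in the question, joined as
# name=value pairs with "&" (this wire format is an assumption).
SAMPLE_RESPONSE = (
    "RESULT=0&RPREF=R1056C75AF08&PROFILEID=RT0000014434&RESPMSG=Approved"
    "&TRXRESULT=0&TRXPNREF=A70A6ABE7817&TRXRESPMSG=Verified&AUTHCODE=407PNI"
    "&CVV2MATCH=N&HOSTCODE=A&PROCCVV2=N&VISACARDLEVEL=12"
)

_NAME = re.compile(r"([A-Za-z0-9_]+)(?:\[(\d+)\])?=")


def parse_nvp(body):
    """Parse name=value pairs; a NAME[len]=value length tag (as in
    PROFILENAME[9] above) lets the value contain '&' or '='."""
    fields, pos = {}, 0
    while pos < len(body):
        m = _NAME.match(body, pos)
        if not m:
            raise ValueError(f"malformed pair at offset {pos}")
        start = m.end()
        if m.group(2) is not None:
            end = start + int(m.group(2))
        else:
            end = body.find("&", start)
            end = len(body) if end == -1 else end
        if end > len(body) or (end < len(body) and body[end] != "&"):
            raise ValueError(f"bad length tag for {m.group(1)}")
        fields[m.group(1)] = body[start:end]
        pos = end + 1
    return fields


def evaluate_profile_response(fields):
    """Hypothetical helper: return (accept, reason), failing closed unless
    the profile, the optional transaction and the CVV2 check all passed."""
    if fields.get("RESULT") != "0":
        return False, "profile request not approved"
    if fields.get("TRXRESULT") != "0":
        return False, "optional transaction not approved"
    cvv = fields.get("CVV2MATCH")
    if cvv != "Y":  # assumption: only "Y" is treated as a confirmed match
        return False, f"CVV2 not confirmed (CVV2MATCH={cvv})"
    return True, "approved with CVV2 match"
```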