|CVN||Card Verification Number, also known as CVV / CVC / CSC. It is the 3-digit code on the back of most credit / debit cards, or the 4-digit code on the front of AMEX.|
|MDR||Merchant Discount Rate|
|FDS||Fraud Detection System|
|SDK||Software Development Kit|
|MID||Merchant ID (Given to merchant a by their acquiring bank)|
|MiGS||Mastercard Internet Gateway Service - Mastercard’s payment processor for banks|
|CtV||CyberSource through Visa - CyberSource’s payment processor for banks|
CVN (also known as CVV / CVC / CSC)
- Is CVN Optional?
- CVN is optional but recommended, as it increase chances of success. European Cards will generally decline unless CVN is included.
- Does Xendit store the CVN?
- No one is allowed to store CVN after an authorization attempt. This is why Amazon and Uber do not even ask for it, since they are not allowed to store it.
- For single-use tokens, we store it only until the first authorization attempt. After that it is deleted from Xendit's system immediately, regardless of whether or not the charge was successful.
- Why did the bank decline if CVN is incorrect, but accept if blank?
- Banks do this because if someone entered the wrong CVN, there's a good chance that it's stolen card info and the person doing the transaction did not have the CVN. So the bank rejects it because it's risky.
- However, the acquiring bank Xendit works with allows us to make CVN optional (like Amazon / Uber) to support the one-click flow. So if no CVN is sent at all, bank sees that as less risky than wrong CVN.
Mobile / SDKs
- Can all these features be applied to mobile apps (iOS & Android)?
- What is the difference between Xendit's mobile SDK & API?
- SDKs are for front-end operations only, which use your Public API Key for security. The only front-end operations are Tokenization and Authentication. This way, sensitive data never passes through your (or even our) servers as the libraries directly handle tokenization.
- All operations that actually affect money flow (Auhtorization, Capture, Refund) must be done from your back-end using your Private API Key.
Last Updated on 2023-05-20