Quote:
|
Originally Posted by sperbonzo
That is correct. CVV is quite often used for initial authorization in order to pass a gateways fraud screening, but is not mandated for all transactions, and is not used for rebills. The processing gateway is not allowed to store the CVV any more than the merchant is. It is actually up to the acquring bank as to whether or not the CVV is required for all transactions or not.
For example, when you use your card at a gas pump, or ATM, the CVV is not required. It varies from bank to bank, MCC to MCC, and transaction type to transaction type.
|
Oh, interesting. Ah well, I must have read the regulations wrong then. This is what it says:
An acquirer?s fraud loss control program must meet the following minimum
requirements, and preferably will include the recommended additional
parameters. The program must automatically generate daily fraud monitoring
reports or real-time alerts. Acquirer staff trained to identify potential fraud
must analyze the data in these reports within 24 hours.
To comply with the fraud loss control Standards, acquirers also must transmit
complete and unaltered data in all card-read authorization request messages,
and also CVC 2 for all Card Not Present (formerly MO/TO), voice, and
e-commerce transactions.
Additionally, acquirers with high fraud levels must:
? Install ?read and display? terminals in areas determined to be at high risk
for fraud or counterfeit activity, or
? Install EMV chip terminals