Hi,

I've set up the offline payment method and there is no CVV field. Is there a way to add it during the checkout process or do you have to use a full fledge gateway to get the CVV.

We've always processed offline in previous carts and supplying a CVV # to the bank gets us a better rate than without.

Thanks!

For PCI/CISP compliance reasons we do not store this value when an offline gateway is used. To capture the CVV you need to use a realtime payment gateway.

Why is it then that when I renewed my domain name with Network Solutions today, you asked me for my CVV number?

We have so many orders declined because we are not allowed to ask for the CVV number and our bank will not approve these orders, especially overseas orders (we are in the US), without the number. So we either lose orders (and money), or we are forced to jump through hoops in order to get this information anyway. Almost every time, the order is approved once we have the CVV. Yet, we can't ask for it, and Network Solutions can. We deal with a number of other online sales venues, and they all allow, nearly require, that the purchaser include their CVV number with their order. It's ridiculous that the number is needed by the retailer, but the retailer can't ask for it. Why not allow the buyer to include this info in the original order, but only store the CVV number for a limited period of time. I thought the PCI/CISP rules were about storing this information and not about asking for it per order and using it for that order.

Todd

Why not just install a gateway? Find out what payment gateways your merchant account supports and you should be good to go. Just think, one or two missed orders will pay for the monthly gateway fees.

You can use the CVV provided you use any of the realtime gateways we support.


In order for you to use it with a non-realtime gateway we would need to store it.

Hi Stig,

netsol uses a realtime gateway to process orders, that is why we can ask for it. Note though we do not store this value we simply pass it on to the gateway. Not even the gateway stores it they just usse it for verification. That is why anytime you are billed, etc if your CC info is stored we ask for the CVV...

Secondly per PCI's CISP rules - https://www.pcisecuritystandards.org/securi...ci_dss_v1-2.pdf

Rule 3, section 2



Section 3.2.2


Joe

Joe

I understand now why you can request the number, and I thank you both for explaining that.

That said, I still think that the number should be passed to us with the understanding that we can use it once and then must delete it; it seems your liability would end there and all risk would be ours. I'm not naive about security, and I know you would still be faced with storing the number for a certain period of time, but it seems a modicum of common sense security would allow for a balance wherein we can still function without having to chase down a customer every other day to try and get a card approval.

We have issues with using a gateway because we cannot quote a shipping price on orders outside the USA until we know exactly what is being ordered, how much it weighs and whether it must be shipped registered or express. It also seems like we are being pressured into using a gateway by making the non-gateway procedure so difficult --- another cut of our profits stripped away, forcing the retailer to pay yet another outside company, just a small percentage but all of it adding up.

I know you are not responsible for the whole CVV number procedure, a procedure that seems increasingly nonsensical to me, but I wanted to add my 2 cents in here, and so I have and no answer is required from you. Thanks.