availability

Our card verification feature only works with credit and debit card payment methods.

Card verification is a strong first-line defense against potentially fraudulent cards. It ensures that the credit card number provided is associated with a valid, open account and can be stored in the Vault and charged successfully. We can verify the following fields with the customer’s bank:

  • Card number
  • Card expiration date
  • Street address and postal code
  • CVV

If card verification is enabled, the gateway will verify that credit cards are valid and pass any of your configured AVS and CVV rules before they are stored in the Vault. Cards that are not valid will not be stored in the Vault.

How it works

The Braintree gateway verifies credit cards by running either a $0 or $1 authorization and then automatically voiding it. For most processors, Visa and Mastercard are initially tried with $0 authorizations.

Some card types, such as American Express and Discover, don't consistently support $0 authorizations. These cards must instead be verified with $1 requests. In any instance where a $1 authorization returns a successful result, we immediately follow up with an automatic void request to ensure that the transaction does not settle and that it disappears from the cardholder's statement as soon as possible.

note

Some banks don't recognize void requests immediately. It's possible that after the void is issued, your customer will still see the pending charge. If this happens, have your customer call their bank; the bank should be able to see the void request and update your customer's bank statement accordingly.

Enabling card verification

To enable card verification for all cards as they are entered into the Vault:

  1. Log into the Control Panel
  2. Navigate to Settings > Processing
  3. Scroll down to Vaulting
  4. Click the toggle next to Card Verification

If enabled, the gateway will verify that credit cards are valid and pass configured AVS/CVV rules before they are stored in the Vault. Cards that are not valid will not be stored in the Vault.

note

You can also choose to verify cards on an individual basis, if you prefer. Learn more about card verification in our developer docs.

Retrying all failed $0 verifications

Certain banks using Visa and Mastercard do not accept $0 as a valid transaction amount. These banks typically respond with a specific decline code that tells us that we should retry the authorization with an amount of $1, which we do automatically. However, in cases where we're sent a generic decline code, the authorization is not retried by default.

To attempt to avoid rejecting otherwise valid cards, you can opt to retry all failed $0 authorizations as $1 authorizations, regardless of the processor decline response.

To enable this feature:

  1. Log into the Control Panel
  2. Navigate to Settings > Processing
  3. Scroll down to Vaulting
  4. Click the toggle next to Card Verification – Retry All Failed $0
note

Retry All Failed $0 verifications can be enabled even if Card Verification is disabled, in the event that you request individual card verifications via the API. Learn more in our developer docs.

Verifying cards already stored

Due to PCI compliance restrictions, we never store your customer’s CVV. You’ll need to collect this from them again before re-verifying a card via the Control Panel or API.

If you'd like to re-verify a card already stored in a Vault record:

  1. Log into the Control Panel
  2. Under Advanced Search, click Vault
  3. Locate your customer in the Vault and click on the payment method Token
  4. Click Edit
  5. Under Payment Method Details, check the box next to Verify card
  6. Enter the card's CVV and click Save

The verification result will appear on the next page, along with the CVV and AVS Responses.

Re-verification can also be done via the API. Learn more in our developer docs.

Still have questions?

If you can’t find an answer, contact our Support team


← Back to Previous Page