Payment Account Validation Documentation

Ready to start coding?

Things To Know

All Visa issuers support Account Verification requests. U.S. and U.K. issuers are required to support Address Verification Service and CVV2 Validation requests; participation in both services is optional for all other issuers. If you request an Address Verification or CVV2 Validation from a non-participating issuer, you will receive an appropriate Action Code in the response.

The Payment Account Validation API is available for use by any developer in sandbox and production. However, Visa retains the right to review your project implementation of this API before production on-boarding to ensure that it is being used appropriately.

Availability

The following table lists the regional availability for Payment Account Validation. To view availability of all products, refer to the Availability Matrix.

Available in entire region

Limited availability in region

Not available

Product Name Availability Notes
Payment Account Validation
Product Name Availability Notes
Payment Account Validation
Product Name Availability Notes
Payment Account Validation
Product Name Availability Notes
Payment Account Validation
Product Name Availability Notes
Payment Account Validation

Getting Started

The Payment Account Validation API provides several methods that you can use to determine if a particular Visa account is valid and in good standing.  The API currently provides three methods of account validation: Account Verification (also known as a $0 authorization), Address Verification, and Card Verification Value (CVV2) Validation.  The ability to pre-validate an account increases the probability of a successful, seamless transaction flow.

There are many situations in which you may need to know if a Visa account provided by your customer is valid before making services available to that customer in your project. Examples include validating a sender and/or recipient account before initiating a money transfer between them or validating an account before loading it into a digital wallet or card-on-file repository.

The Payment Account Validation API offers several methods that you can use to determine if a particular Visa account is valid and in good standing. Before using the API, it is important to understand what the available methods are and how they work. The API currently has three methods of account validation: Account Verification, the Address Verification Service (AVS), and Card Verification Value (CVV2) Validation. 

How Does it Work?

The Payment Account Validation API accepts a primary account number (PAN) as input and performs an Account Verification.  You can optionally elect to have Address Verification and/or CVV2 Validation done at the same time.  The API returns the validation results for each option in the API response.

Why Use It?

Seamless Transaction Flow

Applications can check if a card is stolen, expired, or frozen before initiating a transaction.

Early Error Detection

Applications can prompt users to correct incorrectly entered or invalid account number, address, or CVV2 information.

APIs Included

Payment Account Validation

The Payment Account Validation API allows applications to run validations on a payment account before processing a transaction, ensuring greater probability of success and allowing for a more seamless transaction flow.

Visa Direct

Transfer funds seamlessly, securely and quickly.

Account Verification ($0 Authorization Request)

You can use the Account Verification service (sometimes referred to as a $0 Authorization Request) to verify the status of an account. Specifically, the service verifies that the account is an actual issued account, that its check digit is valid, and that it is open and not in lost or stolen status. An Account Verification is always performed whenever the Payment Account Validation API is called. 

Address Verification Service (AVS)

You can use the Address Verification Service (AVS) to determine if the issuer of the account recognizes the billing address given to you by the user of your project. This service is primarily used in the e-commerce or other card-not-present environments, but can also be used in a card-present environment if you are unable to obtain a magnetic stripe or chip read. Address Verification is one of the options you can select when you use the Payment Account Validation API. 

Card Verification Value (CVV2) Validation

The Card Verification Value 2 (CVV2) is the three-digit security code that is printed on the signature panel of every Visa card. The CVV2 value is calculated using a secure cryptographic process and a key that is known only to the issuer and to Visa. You can use the CVV2 Validation service to determine if the issuer of the account recognizes the CVV2 value given to you by the user of your project. This will help you to verify that the cardholder has the physical card in their possession. CVV2 Validation is primarily used in the e-commerce or other card-not-present environments, but can also be used in a card-present environment if you are unable to obtain a magnetic stripe or chip read. CVV2 validation is one of the options you can select when you use the Payment Account Validation API. 

Using the Payment Account Validation API

To use the Payment Account Validation API, you must always provide a primary account number (PAN) to be validated in the request message. Depending on the optional services you choose, additional variables will be required in the request.

When you call the Payment Account Validation API, an Account Verification will always be performed for the requested account. The Action Code in the response message indicates the result of the verification check. If there are no negative conditions, and the account is in good standing, the Action Code will contain code 00 (approved) or code 85 (no reason to decline) and an Approval Code will be included in the response message. For unsuccessful verifications, the issuer or Visa (acting on the issuer's behalf) will return an appropriate negative response code. You can find a complete listing of all of the Action Code values on the Request and Response Code Reference.

In addition to Account Verification, you must perform either an Address Verification or a CVV2 Validation (or both) on the requested account. The API determines which of the optional services to perform based on the presence or absence of additional fields in the request message.

To perform an Address Verification on the requested account, you must collect the account's billing address from the cardholder and provide it as follows in the request message:

Street Address. Provide the first 20 characters of the street address. If the street address provided by the cardholder exceeds 20 characters, you should truncate the rightmost characters. To improve the accuracy of the matching process, you should also convert spelled numeric values in the street address to numerals; for example, convert “Thirty-One Park Place” into “31 Park Place” or “31 Third Street” into “31 3rd Street” before calling the API.

Postal Code. Provide at least 5 and up to 9 alpha and numeric characters (depending upon the structure of postal codes in the cardholder country).

The issuer or Visa (acting on behalf of the issuer) will compare the street address and postal code provided in the request with the billing address on file for the account and will return the match results in the Address Verification Results field in the response. The Response Source code indicates whether the response came from the issuer or from Visa acting on behalf of the issuer. (You can find a complete listing of all of the Address Verification Results values on the Request and Response Code Reference. )

To perform a CVV2 Validation on the requested account, you must collect the account's expiration date and CVV2 value from the cardholder and provide them in the request message. The expiration date must be in the form YYYY-MM and must be in the future. 

The issuer or Visa (acting on behalf of the issuer) will use the issuer-provided cryptographic keys and the information in the request message to recalculate the CVV2 value that was printed on the card when it was issued to the cardholder and then compare it to the value provided in the request message.The API will return the match results in the CVV2 Results Code field in the response.The Response Source code indicates whether the response came from the issuer or from Visa acting on behalf of the issuer.(You can find a complete listing of all of the CVV2 Results Code values on the Request and Response Code Reference. )

For tracking purposes, if you will be using the Payment Account Validation API in conjunction with calls to the Funds Transfer API, please populate the following fields in the request message (Acquiring BIN, Acquirer Country Code, and the Card Acceptor fields) with the corresponding values that you plan to use in your Funds Transfer API calls. Otherwise, you can exclude all of those fields from your request. 

Security and Authentication Requirements

The Payment Account Validation API uses mutual SSL authentication and channel encryption, which requires the caller to obtain a user ID and password as well as install a PKI certificate issued by Visa. Test credentials can be obtained online in the Project Console for sandbox testing. Production credentials will be supplied to you as part of the production on-boarding process. (Contact developer@visa.com ) for more information or to begin the production on-boarding process.