How to Use Payment Account Validation

Account Verification ($0 Authorization Request)

You can use the Account Verification service (sometimes referred to as a $0 Authorization Request) to verify the status of an account. Specifically, the service verifies that the account is an actual issued account, that its check digit is valid, and that it is open and not in lost or stolen status. An Account Verification is always performed whenever the Payment Account Validation API is called. 

Address Verification Service (AVS)

You can use the Address Verification Service (AVS) to determine if the issuer of the account recognizes the billing address given to you by the user of your project. This service is primarily used in e-commerce and other card-not-present environments, but can also be used in a card-present environment if you are unable to obtain a magnetic stripe or chip read. Address Verification is one of the options you can select when you use the Payment Account Validation API.

Card Verification Value (CVV2) Validation

The Card Verification Value 2 (CVV2) is the three-digit security code that is printed on the signature panel of every Visa card. The CVV2 value is calculated using a secure cryptographic process and a key that is known only to the issuer and to Visa. You can use the CVV2 Validation service to determine if the issuer of the account recognizes the CVV2 value given to you by the user of your project. This helps you verify that the cardholder has the physical card in their possession. CVV2 Validation is primarily used in e-commerce and other card-not-present environments, but can also be used in a card-present environment if you are unable to obtain a magnetic stripe or chip read. CVV2 Validation is one of the options you can select when you use the Payment Account Validation API.

Account Name Inquiry (ANI) Validation

The Account Name Inquiry (ANI) service, when used with the Payment Account Validation API, allows you to check account name information held by participating Visa Issuers when performing an account verification prior to sending authorization or full financial requests for card-not-present transactions. The name match results can help to create a more robust and enhanced account verification solution as part of a layered approach to risk/fraud mitigation.

Using the Payment Account Validation API

To use the Payment Account Validation API, you must always provide a primary account number (PAN) to be validated in the request message. You must also always provide your acquiring BIN and country code.  

When you call the Payment Account Validation API, an Account Verification will always be performed for the requested account. The Action Code in the response message indicates the result of the verification check. If there are no negative conditions, and the account is in good standing, the Action Code will contain code 00 (approved) or code 85 (no reason to decline) and an Approval Code will be included in the response message. For unsuccessful verifications, the issuer or Visa (acting on the issuer's behalf) will return an appropriate negative response code. You can find a complete listing of all of the Action Code values on the Request and Response Code Reference.

Depending on the optional services you choose, additional variables will be required in the request.

In addition to Account Verification, you must perform either an Address Verification or a CVV2 Validation (or both) on the requested account. The API determines which of the optional services to perform based on the presence or absence of additional fields in the request message.

To perform an Address Verification on the requested account, you must collect the account's billing address from the cardholder and provide it as follows in the request message:

  • Street Address. Provide the first 20 characters of the street address. If the street address provided by the cardholder exceeds 20 characters, you should truncate the rightmost characters. To improve the accuracy of the matching process, you should also convert spelled numeric values in the street address to numerals; for example, convert “Thirty-One Park Place” into “31 Park Place” or “31 Third Street” into “31 3rd Street” before calling the API.
  • Postal Code. Provide at least 5 and up to 9 alpha and numeric characters (depending upon the structure of postal codes in the cardholder country).

The issuer or Visa (acting on behalf of the issuer) will compare the street address and postal code provided in the request with the billing address on file for the account and will return the match results in the Address Verification Results field in the response. The Response Source code indicates whether the response came from the issuer or from Visa acting on behalf of the issuer. (You can find a complete listing of all of the Address Verification Results values on the Request and Response Code Reference.)

To perform a CVV2 Validation on the requested account, you must collect the account's expiration date and CVV2 value from the cardholder and provide them in the request message. The expiration date must be in the form YYYY-MM and must be in the future. 

The issuer or Visa (acting on behalf of the issuer) will use the issuer-provided cryptographic keys and the information in the request message to recalculate the CVV2 value that was printed on the card when it was issued to the cardholder and then compare it to the value provided in the request message. The API will return the match results in the CVV2 Results Code field in the response. The Response Source code indicates whether the response came from the issuer or from Visa acting on behalf of the issuer. (You can find a complete listing of all of the CVV2 Results Code values on the Request and Response Code Reference.)
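The request-side rules above (required fields, at least one of AVS or CVV2, street address handling, postal code length, expiration date format) can be enforced before the API is called. The following is an added example, not code from Visa or from this page: the dictionary key names, the function names and the sample values are hypothetical, the number tables cover only spelled English numbers below 100, and the handling of postal code separators and of the current expiry month are assumptions marked in the comments.

```python
import re
from datetime import date

# Constructed tables: spelled English numbers below 100 and ordinals up to tenth.
UNITS = ("zero one two three four five six seven eight nine ten eleven twelve "
         "thirteen fourteen fifteen sixteen seventeen eighteen nineteen").split()
TENS = "twenty thirty forty fifty sixty seventy eighty ninety".split()
NUMERALS = {w: str(i) for i, w in enumerate(UNITS)}
NUMERALS.update({w: str(10 * i) for i, w in enumerate(TENS, start=2)})
NUMERALS.update(zip("first second third fourth fifth sixth seventh eighth ninth tenth".split(),
                    "1st 2nd 3rd 4th 5th 6th 7th 8th 9th 10th".split()))

def _numeral(word):  # one spelled number word -> numeral, anything else unchanged
    w = word.lower()
    tens, _, unit = w.partition("-")
    if w in NUMERALS:
        return NUMERALS[w]
    if tens in TENS and unit in UNITS[1:10]:
        return str(int(NUMERALS[tens]) + int(NUMERALS[unit]))
    return word

def normalize_street(street):
    """Convert spelled numbers to numerals, then keep the first 20 characters."""
    return " ".join(_numeral(w) for w in street.split())[:20]

def build_fields(pan, acquiring_bin, country_code, street=None, postal_code=None,
                 expiry=None, cvv2=None, today=None):
    """Validate inputs and return the request fields (key names are hypothetical)."""
    today = today or date.today()
    if not (pan and acquiring_bin and country_code):
        raise ValueError("PAN, acquiring BIN and country code are always required")
    fields = {"pan": pan, "acquiring_bin": acquiring_bin, "country_code": country_code}
    if street is not None or postal_code is not None:
        # Assumption: spaces and hyphens are dropped before counting characters.
        code = re.sub(r"[\s-]", "", postal_code or "")
        if not street or not re.fullmatch(r"[A-Za-z0-9]{5,9}", code):
            raise ValueError("AVS needs a street and a 5-9 character postal code")
        fields["avs"] = {"street": normalize_street(street), "postal_code": code}
    if expiry is not None or cvv2 is not None:
        m = re.fullmatch(r"(\d{4})-(0[1-9]|1[0-2])", expiry or "")
        # Assumption: the current month is accepted; only past months are refused.
        if not m or (int(m[1]), int(m[2])) < (today.year, today.month):
            raise ValueError("expiration date must be YYYY-MM and not in the past")
        if not re.fullmatch(r"\d{3}", cvv2 or ""):
            raise ValueError("CVV2 must be the three-digit code")
        fields["cvv2"] = {"expiry": expiry, "value": cvv2}
    if "avs" not in fields and "cvv2" not in fields:
        raise ValueError("provide AVS fields, CVV2 fields, or both")
    return fields
```

Rejecting malformed input locally keeps requests that cannot match from reaching the issuer; the Action Code and the result fields in the response remain the authoritative outcome.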

To perform an Account Name Inquiry on the requested account, you must collect the account holder’s last name (required) and given first and/or middle names (strongly recommended), as well as cardholder consents as required by applicable Law, and provide the names in the request message.

The Originator will receive an ANI result of (ANI Performed / Not Performed / Not Supported), and, if ANI is performed, a match result of (Match / No Match / Partial Match). (You can find a complete listing of all of the ANI Results Code values on the Request and Response Code Reference.)

For tracking purposes, if you will be using the Payment Account Validation API in conjunction with calls to the Funds Transfer API, please populate the following fields in the request message (Acquiring BIN, Acquirer Country Code, and the Card Acceptor fields) with the same corresponding values that you plan to use in your Funds Transfer API calls.