Payment Account Validation

Start a Project Start a Project API Overview API Overview

Download Payment Account Validation API Reference

Payment Account Validation API

The Payment Account Validation API allows applications to run validations of the payment account before processing a transaction ensuring greater probability of success and allowing for a more seamless transaction flow.


Card Validation
v1 - Latest

Perform validations of the payment account

Request
Request Body schema:
application/json
application/json
application/xml

Request body for Card Validation

acquirerCountryCode
required
string 3 characters

The clients must provide a 3-digit numeric ISO country code in this field.
Requests that do not contain a valid Acquirer Country Code will be rejected beginning 1 April 2025.

Example: "string"
acquiringBin
required
string [ 6 .. 11 ] characters

This field must contain an acquiring BIN. This requirement applies to all users of this API.

  • Clients who are unsure of their BIN should contact their Visa representative for assistance.
  • Visa internal applications submitting the requests in support of Visa services may contact the product office for assistance.

Requests that do not contain a valid Acquirer BIN will be rejected beginning [1 April 2025]

primaryAccountNumber
required
string [ 13 .. 19 ] characters

The primary account number for which account validations are being performed

Example: "string"
accountType
string

This is used to identify the account type of the primaryAccountNumber in the request. Below are the possible values.
00-Not applicable
10-Savings Account
20-Checking account
30-Credit card account
40-Universal account
Default is set to 00 if not provided.

object

Contains the address of the cardholder to be verified with the card issuer.

postalCode
required
string [ 1 .. 9 ] characters

Note: Required when addressVerificationResults object is present in the request.

Postal Code provided by the account holder for the primaryAccountNumber in the request.

street
string [ 1 .. 20 ] characters

Address provided by the account holder for the primaryAccountNumber in the request.

object

The cardAcceptor is the merchant, funds transfer originator or Visa internal application submitting the Payment Account Validation request.

All users must provide card acceptor information for reporting purposes At a minimum, idCode and name are required.

idCode
required
string [ 1 .. 15 ] characters

Note: Required when CardAcceptor object is present in the request.

This field must contain an identifier for the card acceptor (Funds Transfer Originator or merchant).

  • This value should be unique for each originator for whom you are sending transactions and must not contain all zero’s.
  • If the card acceptor does not have an idCode, the client’s 8 digit Business Identifier (BID) + 3-digit numeric country code may be used in this field.
  • For requests originated by Visa on behalf of clients that use a Visa-owned Acquiring BIN, this field should contain the business ID of the client requesting the service.
  • Clients who are unsure of their BID should contact their Visa representative for assistance.

Requests that do not contain an idCode will be rejected beginning [1 April 2025].

name
required
string [ 1 .. 25 ] characters

Note: Required when CardAcceptor object is present in the request.

Name of the cardAcceptor

  • This field must contain the name of the cardAcceptor (Funds Transfer Originator or merchant) as known to the cardholder.
  • For requests originated by Visa on behalf of clients, this field should contain the name of the service as known to the client requesting the service.

Requests that do not contain a card acceptor name will be rejected. beginning [1 April 2025]

object

Contains the physical address, URL or telephone number for the merchant or funds transfer originator/operator requesting the Account Validation.

city
string [ 1 .. 13 ] characters

City of themerchant or the funds transfer originator/operator.

Example: "string"
country
string [ 2 .. 3 ] characters

This field must contain the 3-character alpha country code for the country of the merchant or the originator or the funds transfer operator. Refer to ISO Codes

Example: "string"
county
string 3 characters

County of the funds transfer operator/originator

Example: "string"
state
string 2 characters

Use a 2-character abbreviated states code or territory code as the state value. Make sure to give a valid state code for given country.

Example: "string"
zipCode
string [ 5 .. 9 ] characters

Zip/Postal code of the merchant or the funds transfer operator/originator.

Example: "string"
terminalId
string [ 1 .. 8 ] characters

The identifier for the terminal at a card acceptor location. If sending transactions from a card not present context, the same value may be used for all transactions .

cardCurrencyCode
string 3 characters

Use a 3-character alpha or numeric currency code for the currency of the card.

Refer to ISO Codes

Example: "string"
cardCvv2Value
string [ 3 .. 4 ] characters

The cvv2Value value provided by the account holder for the primaryAccountNumber in the request.
Note:dtvv as a token cryptogram can be placed in the request in cardCvv2value.

Example: "string"
cardExpiryDate
string 7 characters

This field must contain tThe expiration date for the primaryAccountNumber in the request. The date is in yymm numeric format, where yy = year (00-99) and mm = month (01-12). The date should not be a past date.
Required for all Visa branded transactions and when the cvv2Value is present.

Example: "string"
cardHolderEmailAddress
string [ 1 .. 99 ] characters

Card holder Email Address verified with the issuer.

Example: "string"
object

API calls have to be MLE enabled to be able to send in this data.

lastName
required
string [ 1 .. 35 ] characters

Note: Required when CardHolderNameVerificationRequest object is present in the request.

This field identifies last name of account or entity. Must not contain:

All spaces
All zeros
All numerics
Any question mark

Example: "string"
firstName
string [ 1 .. 35 ] characters

This field identifies first name of account or entity. Must not contain:

All spaces
All zeros
All numerics
Any question mark

Example: "string"
middleName
string [ 1 .. 35 ] characters

This field identifies middle name of account or entity. Must not contain:

All spaces
All zeros
All numerics
Any question mark

Example: "string"
ownerType
string 2 characters

This field will contain the account owner type to identify if the name belongs to the primary or secondary account owner. Below are the possible values.

01 - Primary account owner
02 - Secondary account owner

Example: "string"
cardHolderPhoneNumber
string [ 1 .. 16 ] characters

Card holder Phone Number verified with the issuer.
First 3 numerics will be ISD code followed by up to 12 numerics for the phone number eg. 0013031234567, where 001 is country code and 3031234567 is phone number.

Example: "string"
object

This is an optional field. This is used to validate the cardholder identity of the primaryAccountNumber in the request.Supported only in the LAC region. API calls have to be MLE enabled to be able to send in this data.

Array of objects
Array
identityType
required
string

Note: Required when IdentityVerificationRequest object is present in the request.

Type of identification. Below are the possible values.

NATIONALIDENTITY
PASSPORT
DRIVERLICENSE
TAX

identityValue
required
string [ 1 .. 35 ] characters

Note: Required when IdentityVerificationRequest object is present in the request.

The identification value

object

Note: For a CardPresent Transactions, this field is required.

If this object is not present API will default following values "pointOfServiceCapability": {"posTerminalType": "5","posTerminalEntryCapability": "1","acceptsPartialAuthorizations":"false"}"

posTerminalEntryCapability
integer

Recommended value for card not present is 5. Default value is 5.

Note:Valid values if card is present include 0, 3 and 4. If card is not present, valid value is 5.

posTerminalType
integer

This 1-digit code identifies the basic POS electronic terminal category.

Valid Values :
0-Unspecified
3-Unattended cardholder-activated, authorized transaction Use to indicate that the transaction has all following characteristics: Occurs in an unattended cardholder-activated environment.Is authorized online or approved offline. Examples are: Movie and game rentals and Automated retail
4-Electronic cash register
5-Unattended customer terminal (intended for use in the LAC region only)
7-Telephone device (including Visa dial terminals)
8-Reserved
9-Use to identify that an mPOS device is used to originate a transaction on an open network

object

Contains a code identifying transaction conditions at the point-of-sale or point of service. For messages that follow an original request, this code identifies the type of processing being done.
Note: For a CardPresent or Token Transactions, this field is required. If this Object is not passed in the request then API will default at following values: "pointOfServiceData": { "panEntryMode": "01","posConditionCode": "51"}"

motoECIIndicator
required
string 1 characters

Identifies the level of security used in an electronic commerce transaction over an open network (for example, the Internet) or the type of mail or telephone order. Acquirers supply indicator values, which V.I.P. forwards in requests and advices to issuers that have successfully tested to receive them. The subfield is dropped if issuers have not successfully completed testing or choose not to receive it.

Required for Tokens with cryptograms. Recommended values for Tokens are 05(Secure electronic commerce transaction) or 07 (Non-Authenticated security transaction).

Optional for Card verification without CAVV validation.

Refer to Moto ECI Codes

panEntryMode
required
integer

A 2-digit code that identifies the method used to enter the cardholder account number and card expiration date. This code specifies whether the entire magnetic stripe is included in an authorization or financial request.

Recommended value for card/token verification for Card not present transactions is 01. Default value is 01.

Refer to PAN Entry Mode Codes

posConditionCode
required
integer

Contains a code identifying transaction conditions at the point of sale or point of service. For messages that follow an original request, this code identifies the type of processing being done.

For Address/cvv2/account verification without authorization is 51. Default value is 51.

Refer to POS Condition Codes

posEnvironment
string 1 characters

Conditional

This field is required to identify whether a transaction is merchant-initiated.

Refer to POS Environment Codes

specialConditionIndicatorMerchant
string 1 characters

Cryptocurrency indicator with the value of “7” can be used to identify the purchase of cryptocurrency, thereby providing greater visibility to the issuers.

retrievalReferenceNumber
string 12 characters

This is an optional field. It is recommended that the clients of Funds Transfer APIs provide retrievalReferenceNumber for tie the calls with a single funds transfer transaction.
Recommended Format: ydddhhnnnnnn
The first fours digits must be a valid yddd date in the Julian date format, where the first digit = 0-9 (last digit of current year) and the next three digits = 001-366 (number of the day in the year).
hh can be the two digit hour in a 24 hour clock (00-23) during which the transaction is performed.
nnnnnn can be the SystemsTraceAuditNumber or any 6 digit number.

Example: "string"
systemsTraceAuditNumber
string 6 characters

This is an optional field. It is recommended that the clients of Funds Transfer APIs provide systemsTraceAuditNumber for tie the calls with a single funds transfer transaction.

Example: "string"
tavv
string 40 characters

The token authentication verification or token cryptogram value provided by the token provider for the card token in the request. dtvv in cardCvv2Value or tavv is required to be placed when Token is entered in primary account number. This field should be in hexabinary format.

Example: "string"
Responses
200

Card Validation Response

Response Schema:
application/json
application/json
application/xml
actionCode
required
string 2 characters

The results of the transaction request.
Refer to ActionCode
Note: The VisaNet Response Code for the transaction

Example: "string"
responseCode
required
string 1 characters

The source for the response; typically, either the recipient issuer or a Visa system.
Refer to ResponseSource

Example: "string"
transactionIdentifier
required
string 15 characters

The VisaNet reference number for the transaction.

Example: "string"
addressVerificationResults
string 1 characters

Results of the Address Verification Service (AVS) validation for the PrimaryAccountNumber in the request.
Refer to addressVerificationResults

Example: "string"
approvalCode
string 6 characters

The authorization code from the issuer.

Example: "string"
cardAuthenticationResults
string 1 characters

A Visa-defined code indicating Online Card Authentication Method results.
Refer to cardAuthenticationResults.
Note: Reserved for future use

Example: "string"
cardholderAuthenticationVerificationResults
string 1 characters

If TAVV is provided in the request, its validation result will be provided in this field.

For future: This field will be extended to provide validation result for Cardholder Authentication Verification Value (CAVV) if it appears in the request.
Refer to CAVV Results Codes.
Note: For E-Commerce transactions containing token data, this attribute must be present with a value of 0, 1, or 2. If the TAVV fails validation, this attribute will have TAVV validation result with a value of 1.

Example: "string"
cardHolderEmailAddressVerificationResults
string 1 characters

Card holder Email Address Verification Results from the issuer.
Possible Result sets include-

1 - Verified
2 - Failed
3 - Not performed

Example: "string"
object

Optional Service enabling verification of the cardholder name.API calls have to be MLE enabled to be able to send in this data.

firstNameAccountMatchDecision
string 2 characters

This field will contain the decision of the account First name matching performed by Account Name Inquiry if value in nameResult field contains the value of 00.

Refer to ANI match decision

Example: "string"
lastNameAccountMatchDecision
string 2 characters

This field will contain the decision of the account Last name matching performed by Account Name Inquiry if value in nameResult field contains the value of 00.

Refer to ANI match decision

Example: "string"
middleNameAccountMatchDecision
string 2 characters

This field will contain the decision of the account Middle name matching performed by Account Name Inquiry if value in name Result field contains the value of 00.

Refer to ANI match decision

Example: "string"
nameMatchDecision
string 2 characters

This field will contain the decision of the account name matching performed by Account Name Inquiry if value in nameResult field contains the value of 00.

Refer to ANI match decision

Example: "string"
nameResult
string 2 characters

This field will contain the result of the Account Name Inquiry request. Below are the possible values.

Refer to ANI name Result

Example: "string"
cardHolderPhoneNumberVerificationResults
string 1 characters

Card holder Phone Number Verification Results from the issuer.
Possible Result sets include-

1 - Verified
2 - Failed
3 - Not performed

Example: "string"
cardVerificationResults
string 1 characters

A Visa-defined code indicating Card Verification Value (CVV), iCVV (Integrated Chip Card CVV) or dCVV (dynamic CVV) verification results.
Refer to CVV/iCVV Results Codes.
Note: Reserved for future use

Example: "string"
cvv2ResultCode
string 1 characters

Results of the CVV2 validation for the primaryAccountNumber in the request. When dtvv is provided in cardCvv2Value in the request, cvv2ResultCode will be sent in response along with tokenVerificationResult
Refer to cvv2ResultsCode

Example: "string"
object

Cardholder identity validation results for the primaryAccountNumber in the request.Supported only in the LAC region.

Array of objects
Array
identityType
required
string

Type of identification result. Below are the possible values.

NATIONALIDENTITY
PASSPORT
DRIVERLICENSE
TAX

Example: "string"
identityVerificationResult
required
string 1 characters

Validation results. Below are the possible values.

1 - Verified
2 - Failed
3 - Not performed
4 - Issuer does not support id verification

Example: "string"

© Copyright Visa. All Rights Reserved.

NOTICE: The software and accompanying information and documentation (together, the “Software”) remain the property of and are proprietary to Visa and its suppliers and affiliates. The Software remains protected by intellectual property rights and may be covered by U.S. and foreign patents or patent applications. The Software is licensed and not sold.

By accessing the Software you are agreeing to Visa's terms of use (developer.visa.com/terms) and privacy policy (usa.visa.com/legal/global-privacy-notice.html). In addition, all permissible uses of the Software must be in support of Visa products, programs and services provided through the Visa Developer Program (VDP) platform only (developer.visa.com). THE SOFTWARE AND ANY ASSOCIATED INFORMATION OR DOCUMENTATION IS PROVIDED ON AN “AS IS,” “AS AVAILABLE,” “WITH ALL FAULTS” BASIS WITHOUT WARRANTY OR CONDITION OF ANY KIND. YOUR USE IS AT YOUR OWN RISK.

post/pav/v1/cardvalidation

Sandbox server

https://sandbox.api.visa.com/pav/v1/cardvalidation
Request samples
application/json
application/json
application/xml
Account Validation Unsuccessful
Account Validation Unsuccessful
Account validation using Token Successful
Account Validation Successful
{
  • "systemsTraceAuditNumber": "743720",
  • "cardCvv2Value": "022",
  • "cardAcceptor": {
    },
  • "acquirerCountryCode": "840",
  • "primaryAccountNumber": "4957030420210462",
  • "acquiringBin": "408999",
  • "retrievalReferenceNumber": "015221743720",
  • "cardExpiryDate": "2020-10",
  • "addressVerificationResults": {
    }
}
Response samples
application/json
application/json
application/xml
{
  • "actionCode": "string",
  • "approvalCode": "string",
  • "responseCode": "string",
  • "cvv2ResultCode": "string",
  • "identityVerification": {
    },
  • "transactionIdentifier": "string",
  • "cardVerificationResults": "string",
  • "cardAuthenticationResults": "string",
  • "addressVerificationResults": "string",
  • "cardHolderNameVerificationResult": {
    },
  • "cardHolderPhoneNumberVerificationResults": "string",
  • "cardHolderEmailAddressVerificationResults": "string",
  • "cardholderAuthenticationVerificationResults": "string"
}