The dCVV2 Generate API provides the ability to request and receive up to 24 dCVV2 codes for the same account per call. These codes can be made available to cardholders for use in card not present transactions, via the issuer’s mobile app, a dedicated app, or SMS. The dCVV2 Authenticate APIs enable issuers to provide individual account numbers for enrolment into the service (enrolment API), to remove an account from the service (unenroll API), and to check if an account number is enrolled (enquiry API).
Issuers may participate in dCVV2 Generate, or dCVV2 Authenticate, or both.
In addition to developing to these APIs, issuers must complete a Client Information Questionnaire and return it to their Visa representative to activate their BINs or account ranges for either the dCVV2 Authenticate or dCVV2 Generate services, or both. Issuers may still choose individual cards or accounts to enable for dCVV2, however, the entire BIN must be registered for dCVV2 capability.
All Visa Acquirers are required to support CVV2. It is not mandatory to include dCVV2 or CVV2 in the authorization message in all Visa regions. CVV2 or dCVV2 is not used in card-on-file authorization requests.
The dCVV2 Generate API and dCVV2 Authenticate APIs are available for use by issuers and approved third parties in sandbox and production.
The following table lists the regional availability for dCVV2 Generate and Authenticate. To view availability of all products refer to the Regional Availability table.
| North America | Asia-Pacific | Europe | CEMEA | LAC | Notes |
|---|
Start a Project
API Overview
API Reference