|CVN||Card Verification Number, also known as CSC/CVV. It is the 3-digit code on the back of most credit/debit cards, or the 4-digit code on the front of AMEX.|
|MDR||Merchant Discount Rate|
|FDS||Fraud Detection System|
|SDK||Software Development Kit|
|MID||Merchant ID (Given to merchant by acquiring bank)|
|MiGS||MasterCard Internet Gateway Service - Mastercard’s payment processor for banks.|
|CtV||CyberSource through Visa - Cybersource’s payment processor for banks.|
CVN (CVC, CSC)
Is CVN Optional?
CVN is optional but recommended, as it increase chances of success. European Cards will generally decline unless CVN is included.
Do you store the CVN?
No one is allowed to store CVN after an authorization attempt. This is why Amazon and Uber don't even ask for it, since they are not allowed to store it
For single use tokens, we store it only until the first authorization attempt. After that it is deleted from our systems immediately, regardless of whether or not the charge was successful
Why did the bank decline if CVN is incorrect, but accept if blank?
Banks do this because if someone entered wrong CVN, there's a good chance that it's stolen card info and person didn't have CVN. So bank rejects it because it's risky. But our bank allowed us to make CVN optional (like Amazon/Uber) to support the one-click flow. So if no CVN is sent at all, bank sees that as less risky than a wrong CVN.
Mobile / SDKs
Can all these features be applied to mobile apps (iOS & Android)?
What is the difference between your mobile SDK & your API?
SDKs are for front-end operations only, which use your public API key for security. The only frontend operations are tokenizing and authenticating. This way, sensitive data never passes through your (or even our) servers as the libraries directly handle tokenization.
All operations that actually affect money flow (authorize, capture, refund) must be done from your backend using the private API key.