Website Payments Pro Card Verifications
DocsDeprecated
Important: PayPal isn't accepting new users for this feature, and we require existing users to upgrade to our Advanced Debit and Credit solution that supports EMV 3DS (3DS 2.0) for PSD2. Our Advanced Debit and Credit solution enables highly customizable custom-card fields and reduced PCI Compliance requirements. For more information, see Set up advanced credit and debit card payments.
To verify that a card holder's account is in good standing, you can make a card verification call, also known as authorizations without purchase or $0 Auths. When you verify a card, the transaction amount is zero. Card issuers should decline cards that are not valid or reported as lost or stolen.
Note: The card networks discourage $1 authorizations for card verification calls. Instead, authorize amounts greater than zero for transactions that you intend to capture.
If you offer your buyers a free-trial period or recurring subscription payments, you can immediately verify a buyer's card instead of waiting for their first billing date.
If you need to charge the card holder only one time after you verify the card, you can make a reference transaction.
Integration steps
| 1. | Required | Learn about card verification support and limitations. |
| 2. | Required | Verify a card. |
Card verification support and limitations
- You can verify Mastercard and Visa cards for transactions in most currencies.
- You can verify American Express and Discover cards for
USDtransactions.
If fraud protection address verification service (AVS) or the card verification feature (CID/CVV) is enabled for your account, AVS and CID/CVV results are returned in card verification transactions if supported by the card issuer.
Note: If you would like to see CID results for American Express cards, American Express does not return CID results on (zero amount) card verification transactions; to validate CID results, use $1 authorization transactions.
Per transaction fees apply for card verification transactions. These transactions do not have percentage or discount rate fees. For fee information, see PayPal Merchant Fees.
Verify a card
To verify a card, call the DoDirectPayment (NVP | SOAP) API operation. This call accepts a zero amount authorization. Set the PaymentAction field to Authorization and the transaction amount to zero. Unlike a regular authorization, no hold is placed on the card holder's account, and the transaction does not appear on the card holder's statement.
Card verifications are considered completed once the API response is sent. The paypal.com transaction activity page lists card verification transactions as authorization transactions with a zero amount and with a Completed status. Re-authorizations as well as capture and void attempts on card verification transactions are not permitted and returns the 10575 error code.
Merchants who use the Instant Payment Notification service should receive transaction notifications for card verification transactions. Also, similar to other transaction types, use the GetTransactionDetails (NVP | SOAP) and TransactionSearch (NVP | SOAP) API operations to lookup transaction details.
This example verifies the buyer's card using the DoDirectPayment API operation. No further action is required.
Request
In your DoDirectPayment request, set the PaymentAction field to Authorization and set the transaction amount to zero:
<form method=post action=https://www.sandbox.paypal.com/nvp> <input type=hidden name=USER value=...> <input type=hidden name=PWD value=...> <input type=hidden name=SIGNATURE value=...> <input type=hidden name=VERSION value= 58.0> <input type=hidden name=PAYMENTACTION value=Authorization> <input type=hidden name=CREDITCARDTYPE value=Visa> <input type=hidden name=ACCT value=...> <input type=hidden name=STARTDATE value=112000> <input type=hidden name=EXPDATE value=112020> <input type=hidden name=CVV2 value=123> <input type=hidden name=AMT value=0.00> <input type=hidden name=CURRENCYCODE value=USD> <input type=hidden name=FIRSTNAME value=...> <input type=hidden name=LASTNAME value=...> <input type=hidden name=STREET value=...> <input type=hidden name=STREET2 value=> <input type=hidden name=CITY value="San Francisco"> <input type=hidden name=STATE value=CA> <input type=hidden name=Zip value=94121> <input type=hidden name=COUNTRYCODE value=US> <input type=hidden name=EMAIL value=... > <input type=submit name=METHOD value=DoDirectPayment> </form>
Response
A successful card verification response contains a SuccessWithWarning value in the Ack response field. So that merchants do not mistake card verifications for a payment, the response message includes the 10574 error code with the Credit Card Verified short message. If the card is invalid, the response contains Ack=Failure and an error message. If the card issuer does not support card verifications, the response includes error code 10525. The card verification can be tracked and referenced using the TransactionID field:
TIMESTAMP=2010%2d03%2d08T19%3a35%3a18Z&CORRELATIONID=ab12f37f9566&ACK=SuccessWithWarning&VERSION=109%2e0&BUILD=1218643&L_ERRORCODE0=10574&L_SHORTMESSAGE0=Credit%20Card%20Verified&L_LONGMESSAGE0=This%20card%20authorization%20verification%20is%20not%20a%20payment%20transaction.&AMT=0%2e00&CURRENCYCODE=USD&AVSCODE=X&CVV2MATCH=M&TRANSACTIONID=6RH38738S17889722
The successful verification transaction is complete.
If the card is invalid, the response shows Ack=Failure and an error message.
TIMESTAMP=2013%2d10%2d18T05%3a47%3a13Z&CORRELATIONID=68e0c22ecd4fd&ACK=Failure&VERSION=93%2e0&BUILD=8165610&L_ERRORCODE0=15005&L_SHORTMESSAGE0=Processor%20Decline&L_LONGMESSAGE0=This%20transaction%20cannot%20be%20processed%2e&L_SEVERITYCODE0=Error&AMT=0%2e00&CURRENCYCODE=USD&AVSCODE=G&CVV2MATCH=I
Next
Learn about recurring payments.