CVV2 not required when using Visa Secure in Europe from April

From April 13, 2024, you will no longer be required to provide the Card Verification Value 2 (CVV2) in the authorization for transactions authenticated using Visa Secure (EMV 3DS) in Europe. Additionally, issuers must not decline a Visa Secure transaction in Europe based solely on a missing CVV2 value.

‍How will this benefit you?

• Issuers will no longer be able to decline a transaction based on the CVV2 value that has been input - currently, if the CVV2 provided is incorrect, the issuer will most likely decline the transaction. A customer could have gone through full SCA checks but the transaction can still be declined due to user input error when entering the CVV2 at checkout. 

• Issuers must not decline a transaction if it is missing a CVV2 - issuers must remove any real-time decline strategies for Visa Secure transactions in Europe based solely on a missing CVV2 value, by April 13, 2024. This means it is your choice if you would like to submit this value. 

• Visa secure transactions will be exempt from CVV2 card not present requirements in Europe - acquirers can optionally provide the CVV2 in the authorization for Visa Secure transactions in Europe on a risk basis.

What do you need to do? 

You may want to make the CVV2 field optional or remove it completely if your customer is paying with a Visa card. Please also review and make any amendments to any fraud detection or risk settings that you have in place by this date. 

‍
If you have any questions or need further support, please email us at [email protected] or reach out to your dedicated Account Manager.

‍