CVV Retention and Retrieval
Card Verification Value retention policies across the TokenEx platform
Overview
When a CVV is associated with a TokenEx token, that CVV is available to use for 7 days. The CVV is deleted from TokenEx systems after 7 days of non-use. See the below guidance for utilizing a CVV within this 7 day window. The following guidance applies to the TokenEx PCI Token Services, Transparent Gateway, and Payment Services APIs.
PCI Token Services
The /DetokenizeWithCvv action has an
optional parameter called cacheCVV which defaults to false.
cacheCVV | Outcome |
|---|---|
| false or omitted | The CVV is immediately deleted upon retrieval. |
| true | Initial request - updates the purge date to 5 minutes from the first request. Subsequent attempts to cache the CVV will not extend the timer. |
Transparent Gateway
The below request headers apply to processing of the CVV Function.
When tx-retain-cvv is true, tx-cachecvv is ignored.
tx-retain-cvv | tx-cachecvv | Outcome |
|---|---|---|
| false or omitted | false or omitted | TGAPI v2: the CVV is immediately deleted upon retrieval. PS v2: the CVV is deleted when the transaction response indicates approved. |
| false or omitted | true | Initial request - updates the purge date to 5 minutes from the first request including the tx-cachecvv:true. Subsequent attempts to cache the CVV will not extend the timer. |
| true | false or omitted | Skips updating the CVV's purge date. 7 days from initial add is still in effect. |
| true | true | Skips updating the CVV's purge date. 7 days from initial add is still in effect. |
Payment Services
The below request header applies to
srequests containing the CreditCard.Cvv request
parameter.
tx-cachecvv | Outcome |
|---|---|
| false or omitted | The CVV is deleted when the transaction response indicates approved. |
| true | Initial request - updates the purge date to 5 minutes from the first request's true. Subsequent attempts to cache the CVV will not extend the timer. |