This risk check fires when the card issuer responds that the user-entered verification code did not match that of the card.
The issuing bank mostly declines mismatching transactions, however in some rare scenarios a CVC/CVV/CID mismatch may accompany an authorization. These kinds of transactions have a high likelihood of fraud, even though the issuing bank authorized the transaction.
There are three separate configuration options for handling these responses. They are in order of strictness:
- Need to Match: When this is selected, the rule fires when the Match does not occur response, and Unable to perform check response is received.
- Match or Unable to Perform Check: In this configuration, the rule fires only when a non-match response is received.
- No Need to Match: Under this configuration, the rule will not fire if a non-match response is received. This essentially turns off this check.
In some scenarios, Adyen receives back an Unknown error response. You can select to either allow or disallow transactions with this response.