CVV Retention and Retrieval

Card Verification Value retention policies across the TokenEx platform

Overview

When a CVV is associated with a TokenEx token, that CVV is available to use for 7 days. The CVV is deleted from TokenEx systems after 7 days of non-use. See the below guidance for utilizing a CVV within this 7 day window. The following guidance applies to the TokenEx PCI Token Services, Transparent Gateway, and Payment Services APIs.

PCI Token Services

The /DetokenizeWithCvv action has an optional parameter called cacheCVV which defaults to false.

cacheCVVOutcome
false or omittedThe CVV is immediately deleted upon retrieval.
trueInitial request - updates the purge date to 5 minutes from the first request. Subsequent attempts to cache the CVV will not extend the timer.

Transparent Gateway

The below request headers apply to processing of the CVV Function. When tx-retain-cvv is true, tx-cachecvv is ignored.

tx-retain-cvvtx-cachecvvOutcome
false or omittedfalse or omittedTGAPI v2: the CVV is immediately deleted upon retrieval.
PS v2: the CVV is deleted when the transaction response indicates approved.
false or omittedtrueInitial request - updates the purge date to 5 minutes from the first request including the tx-cachecvv:true. Subsequent attempts to cache the CVV will not extend the timer.
truefalse or omittedSkips updating the CVV's purge date. 7 days from initial add is still in effect.
truetrueSkips updating the CVV's purge date. 7 days from initial add is still in effect.

Payment Services

The below request header applies to requests containing the `CreditCard.Cvv` request parameter.

tx-cachecvvOutcome
false or omittedThe CVV is deleted when the transaction response indicates approved.
trueInitial request - updates the purge date to 5 minutes from the first request's true. Subsequent attempts to cache the CVV will not extend the timer.