General FAQ

Acronyms

CVN (also known as CVV / CVC / CSC)

• Is CVN Optional?
  • CVN is optional but recommended, as it increase chances of success. European Cards will generally decline unless CVN is included.
• Does Xendit store the CVN?
  • No one is allowed to store CVN after an authorization attempt. This is why Amazon and Uber do not even ask for it, since they are not allowed to store it.
  • For single-use tokens, we store it only until the first authorization attempt. After that it is deleted from Xendit's system immediately, regardless of whether or not the charge was successful.
• Why did the bank decline if CVN is incorrect, but accept if blank?
  • Banks do this because if someone entered the wrong CVN, there's a good chance that it's stolen card info and the person doing the transaction did not have the CVN. So the bank rejects it because it's risky.
  • However, the acquiring bank Xendit works with allows us to make CVN optional (like Amazon / Uber) to support the one-click flow. So if no CVN is sent at all, bank sees that as less risky than wrong CVN.

Mobile / SDKs

• Can all these features be applied to mobile apps (iOS & Android)?
  • Yes! You can find our IOS SDK here and our Android SDK here
• What is the difference between Xendit's mobile SDK & API?
  • SDKs are for front-end operations only, which use your Public API Key for security. The only front-end operations are Tokenization and Authentication. This way, sensitive data never passes through your (or even our) servers as the libraries directly handle tokenization.
  • All operations that actually affect money flow (Auhtorization, Capture, Refund) must be done from your back-end using your Private API Key.

Last Updated on 2023-05-20