Some merchants can submit two authorizations for a single purchase when they can’t confirm the final amount at checkout (for example, hotel reservations).
A typical pattern is:
A zero-amount authorization to validate the card.
A second authorization for the final amount, submitted later (sometimes days or weeks after the first authorization).
In these merchant flows, the merchant may reuse the same Dynamic CVV2 for the second authorization.
By default, D1 invalidates (discards) a Dynamic CVV2 after the first verification (successfull or not). As a result, the second authorization is then declined if the merchant reuses the same Dynamic CVV2 that D1 has already discarded.
To support deferred authorization scenarios, D1 can allow the same Dynamic CVV2 to be reused for a limited number time, this will be allowed only for a specific category of merchant.
D1 evaluates whether the Dynamic CVV2 can be reused based on the Merchant Category Group configured during D1 onboarding for the issuer.
The following parameters are configurable:
Maximum reuse count: how many times the same Dynamic CVV2 can be reused.
Dynamic CVV2 validity window: the overall period during which the Dynamic CVV2 remains eligible for reuse.
Merchant Category Group: list of MCC granted for multiple reuse of Dynamic CVV2
D1 also tracks the merchant identifier (using merchantId) so a Dynamic CVV2 can be reused only by the merchant that initiated the first authorization.
Last updated
Was this helpful?
Was this helpful?