> For the complete documentation index, see [llms.txt](https://docs.payments.thalescloud.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.payments.thalescloud.io/nfc-wallet-sdk-android/implement-nfc-wallet/handle-cdcvm.md).
# Handle CDCVM
## Overview
NFC Wallet SDK supports multiple CVM (Cardholder Verification Method) to authenticate the end user during payment, such as CDCCVM, online PIN and signature.
CDCVM (Consumer Device Cardholder Verification Method) is a CVM relying on device to verify the **end user** before an NFC payment.
Most NFC Wallet programs use **CDCVM**. CDCVM relies on the device’s user authentication.
In this section, we explain that NFC Wallet SDK is relying on Android secure device unlock method as CDCVM.
### CDCVM Android (device unlock)
NFC Wallet SDK for Android uses the Android secure lock screen for CDCVM. It supports:
* **Biometric**: strong biometric credentials, such as fingerprint or face.
* **Device credentials (keyguard)**: PIN, pattern, or password.
{% hint style="info" %}
NFC Wallet uses Android Keystore user authentication. See [Android Keystore user authentication](https://developer.android.com/privacy-and-security/keystore#UserAuthentication).
{% endhint %}
### Recommendations
Handle CDCVM early in your integration:
* Check device CDCVM capabilities before before you start wallet enrollment or Tokenization.
* Prompt the end user to enable a secure lock screen when required.
{% hint style="warning" %}
## NFC device capability check
Check your device supports HCE as stated in [Declare NFC features](/nfc-wallet-sdk-android/get-started/configuration/3.-application-manifest-file.md#declare-nfc-features). You can perform check at application installation (Google Play device filtering) or at runtime.
If you use a runtime check, hide NFC Wallet features for unsupported devices.
{% endhint %}
## SDK integration
### Check device CDCVM capabilities
Use `DeviceCVMEligibilityChecker.checkDeviceEligibility` to check device capabilities.
It returns a `DeviceCVMEligibilityResult`. Use it to evaluate biometric and keyguard support.
Run this check after you [initialize the NFC Wallet SDK](/nfc-wallet-sdk-android/get-started/configuration/4.-initialize-the-nfc-wallet-sdk.md), and before you start wallet enrollment or Tokenization.
#### Check biometric support
Call `DeviceCVMEligibilityResult.getBiometricsSupport`.
It returns `BiometricSupport.SUPPORTED` when biometric CDCVM is available. Check the possible error in case biometric is not supported in table below.
Biometric eligibility error
| Result | Description |
| -------------------------------- | --------------------------------------------------------------------------- |
| ANDROID\_VERSION\_NOT\_SUPPORTED | Returned when the device runs Android earlier than 6.0 (API level 23). |
| NO\_FINGERPRINT\_SENSOR | Returned when no biometric sensor is available on the device. |
| NO\_FINGERPRINT\_ENROLLED | Returned when the end user has not enrolled biometrics on the device. |
| PERMISSION\_NOT\_GRANTED | Returned when the required biometric permission is missing in the manifest. |
| SECURE\_LOCK\_NOT\_PRESENTED | Returned when no secure lock screen is enabled on the device. |
#### Check device keyguard support
Call `DeviceCVMEligibilityResult.getDeviceKeyguardSupport`.
It returns `DeviceKeyguardSupport.SUPPORTED` when device keyguard CDCVM is available. Check the possible error in case keygard is not supported in table below.
Device keyguard eligibility error
| Result | Description |
| -------------------------------- | ---------------------------------------------------------------------- |
| ANDROID\_VERSION\_NOT\_SUPPORTED | Returned when the device runs Android earlier than 6.0 (API level 23). |
| SECURE\_LOCK\_NOT\_PRESENTED | Returned when no PIN, pattern, or password is enabled on the device. |
### Implementation example
```java
// Check Device's Eligibility for Choosing CDCVM
DeviceCVMEligibilityResult result =
DeviceCVMEligibilityChecker.checkDeviceEligibility(getApplicationContext());
if(result.getBiometricsSupport() == BiometricsSupport.SUPPORTED) {
// Biometric is supported
// ...
}
else if(result.getDeviceKeyguardSupport() == DeviceKeyguardSupport.SUPPORTED){
// If Biometrics are not supported, Device KeyGuard should be used.
// Device keyguard is supported
// ...
}
else {
// Log Error, Device is not supported
// or end user does not enable secure lock screen
// We recommend to prompt the end user to enable a secure lock screen
// ...
}
```
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://docs.payments.thalescloud.io/nfc-wallet-sdk-android/implement-nfc-wallet/handle-cdcvm.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.