For greatest security and least exposure to the risk of fraudulent credit card usage in your online store, we strongly recommend that you require your customers to provide the CVV (card verification value) security codes when placing an order in your online store and paying with a credit card. This helps to verify that the purchaser has physical possession of the card. While it is not a foolproof way to prevent fraud, it goes a long way to minimize your risk.
This CVV requirement is possible, and in fact is the default, only if you elect to authorize the credit card when the order is placed. It is not available if you choose only to validate the credit card number, and neither authorize nor charge the credit card.
To manage the CVV requirement in your Nexternal Order Management System (OMS), navigate to Settings / Edit Compatible Software / Payment Gateways Preferences/ Authorization Preferences, and use the pulldown to select either "Validate and Authorize" or "Validate, Authorize and Charge", depending upon whether you want to merely authorize the card to diminish the risk of decline when you later capture the funds, or whether you want to actually capture the funds as the order is being placed.
Once you've specified your Authorization Preference, use the pulldown for "Card Validation Values" to select "required". (Selecting "optional" would defeat the purpose of this security precaution.)
In compliance with PCI regulations, the CVV is never saved in the Nexternal platform, and it will be required when taking telephone orders or otherwise placing orders in the OMS, even if the customer for whom the order is being placed has a credit card on file.
Regardless of your CVV settings, bulk orders can always be created, and once a subscription is set up with the CVV, the resulting subsequent subscription orders will continue to be generated automatically.
If you normally require the CVV when set to authorize, but occasionally toggle to "validate only", for example to create club orders, then when you toggle back to an authorize setting the CVV will automatically be required again.
Read the ? tooltip near the Authorizations Preferences for complete information regarding the implications of your selection.