How It Works
- Your system calls the Request CVV Entry Form endpoint, passing the existing card token.
- PCI Booking returns a form URL that you embed as an iframe or redirect to.
- The cardholder enters only their CVV.
- PCI Booking duplicates the original card to a new token and attaches the captured CVV to the new token.
- The cardholder is redirected to your success URL with the new token.
Setting the CVV Retention Policy
After the new token is created with CVV, you have 60 minutes to set a CVV retention policy on it. If you don’t, your account-wide default applies. If no account default exists, the system default applies (CVV can be used once and is then cleared).3D Secure
The CVV capture form supports 3DS authentication. If enabled, a 3DS challenge is presented to the cardholder after they enter their CVV. The cardholder has 5 minutes to complete the challenge. See 3DS Merchant Setup to configure your merchant details for the challenge screen.If you are using 3DS authentication, you must provide either the cardholder’s email address or phone number in the request. This is required by Visa for all 3DS authentications.
Via Card By Link
You can also collect CVV remotely by sending the cardholder a link via email or SMS. See the CVV-Only Capture section in the Card By Link guide.Next Steps
CVV Retention Policy
Configure how long CVV is retained.
CVV Management
Check CVV status, usage, or clear CVV on a token.
Capture Cards Overview
All tokenization methods.

