What is Consumer Device Cardholder Verification Method?
Consumer Device Cardholder Verification Method (CDCVM) is a type of consumer verification method (CVM) supported by the card networks when assessing transactions originating from mobile devices. Verification is used to evaluate whether the person presenting the payment instrument is the legitimate owner of the instrument, and affects where the liability lies for fraudulent transactions.
With Apple Pay, the consumer device verification method can be Face ID, Touch ID, or the device passcode, instead of the more traditional methods of PIN or signature for transactions in stores, or 3D Secure for transactions within apps.
For Apple Pay contactless EMV transactions, CDCVM is performed and verified entirely on the iOS device or Apple Watch. During the transaction, no additional customer action is required on the payment terminal or paper receipt to verify the customer, such as a signature or PIN.
Why should a merchant support CDCVM?
- Enable contactless payments for any amount: Currently in some markets, contactless payments are restricted by a transaction limit. The use of CDCVM removes this limit.
- Reduce chargeback-related costs: Merchants will benefit from the liability shift and won't carry liability for fraud when CDCVM is obtained for Apple Pay transactions. As a result, a merchant’s bottom line improves through chargeback reduction and reduced back-office handling of signature documents.
- Get faster throughput: CDCVM transactions allow the merchant to gain faster throughput at the register because customers won't have to insert their cards for transactions above the transaction limit, and they won't be required to sign or enter a PIN.
- Increase customer satisfaction: Customers will experience a more convenient and seamless transaction.
Who should support CDCVM?
CDCVM is applicable for any merchant accepting contactless transactions and transactions within apps originating from iPhone 6 or later, Apple Watch, iPad Pro, iPad Air 2, or iPad mini 3 or later. CDCVM appeals to merchants who have high foot traffic locations, merchants who care about speed and throughput at the register, and merchants who want additional consumer authentication for In App payments.
How does CDCVM work?
CDCVM verifies the customer of a payment transaction. For each EMV transaction, the payment terminal and the supporting payment network applications within the iOS device must mutually decide which customer verification method to use. To decide, the terminal and iOS device will compare the verification methods that they each support, and they'll use the first one that they both support.
For Apple Pay transactions, CDCVM acts in place of other methods of verification when it’s supported by the payment terminal.
During the authorization request, the customer verification method is passed from the payment terminal to the issuer. The verification method is then used to determine fraud liability based on payment network policy.
What contactless specifications support CDCVM?
The major payment networks support CDCVM as part of their contactless and In App specifications. Each payment network has a different contactless specification, which must be installed and certified to support payments using the new Cardholder Verification Method (CVM).
- Visa supports CDCVM in their Visa Card Personalization Specification version 2.1 and later or any version of EMV Contactless Kernel 3. Visa supports CDCVM for credit, debit, and prepaid EMV transactions routed through VisaNet.
- Mastercard supports CDCVM in their Contactless Reader Specification 3.0 and later for credit, debit, and prepaid EMV transactions. Mastercard uses the terminology On-Device CVM (ODCVM).
- Discover supports CDCVM in their Contactless D-PAS Terminal Application Specification version 1.0 and later or any version of EMV Contactless Kernel 6.
- American Express supports CDCVM for Apple Pay mobile contactless transactions in their ExpressPay terminal spec 3.0 and later.
What do merchants need to do to support CDCVM?
Merchants need to validate that their payment terminal software supports CDCVM. Terminals on the latest specification enable Apple Pay payments above the contactless transaction limit. If a customer attempts to use a plastic contactless card, they will be instructed to try again or to insert the card into the terminal. Terminals on an earlier specification won't give a choice for contactless above the contactless transaction limit.
- The merchant’s payment terminals must support the required contactless specifications provided by the card networks.
- The merchant’s payment terminals must be configured to accept CDCVM as a verification method. Each payment network’s configuration is slightly different. The contactless specification for each will specify the exact configuration required.
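The selection rule from "How does CDCVM work?" combined with the above-limit terminal behaviour described here, as an added Python sketch that is not Apple's or any payment network's code. The method labels, priority orders, outcome names and the 5000 limit are constructed assumptions; real kernels encode these per network specification.

```python
from dataclasses import dataclass

# Labels for this sketch only; they are not EMV CVM code values.
CDCVM, ONLINE_PIN, SIGNATURE, NO_CVM = "CDCVM", "ONLINE_PIN", "SIGNATURE", "NO_CVM"

@dataclass(frozen=True)
class Terminal:
    supported_cvms: frozenset  # methods the terminal is configured to accept
    contactless_limit: int     # contactless transaction limit, minor units

def select_cvm(instrument_cvms, terminal):
    """First method in the instrument's priority order that both sides support."""
    for method in instrument_cvms:
        if method in terminal.supported_cvms:
            return method
    return None

def contactless_outcome(instrument_cvms, terminal, amount):
    """Return (outcome, cvm); cvm is what the terminal would report to the issuer."""
    cvm = select_cvm(instrument_cvms, terminal)
    if cvm is None:
        return ("NO_COMMON_CVM", None)
    if amount <= terminal.contactless_limit or cvm == CDCVM:
        return ("CONTACTLESS_OK", cvm)
    # Above the limit without on-device verification: no contactless path.
    return ("INSERT_OR_RETRY", None)

# Constructed sample configurations (assumed priority orders and limit).
APPLE_PAY_DEVICE = [CDCVM, ONLINE_PIN, SIGNATURE]
PLASTIC_CARD = [ONLINE_PIN, SIGNATURE, NO_CVM]
CURRENT_SPEC = Terminal(frozenset({CDCVM, ONLINE_PIN, SIGNATURE, NO_CVM}), 5000)
EARLIER_SPEC = Terminal(frozenset({ONLINE_PIN, SIGNATURE, NO_CVM}), 5000)

def run_matrix(amount):
    """Outcome for every instrument/terminal pairing at one amount."""
    cases = {"device": APPLE_PAY_DEVICE, "card": PLASTIC_CARD}
    terms = {"current": CURRENT_SPEC, "earlier": EARLIER_SPEC}
    return {(i, t): contactless_outcome(cvms, term, amount)
            for i, cvms in cases.items() for t, term in terms.items()}

if __name__ == "__main__":
    for key, result in run_matrix(12000).items():
        print(key, result)
```

Running the matrix at an amount under the limit shows the configuration risk: a terminal that does not list CDCVM still completes the device transaction, but with a different verification method reported to the issuer.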
See our checklist to learn what else you should do to accept Apple Pay.
This document is being furnished for informational purposes only and may not be relied upon for any legal purpose. It does not constitute an official or agreed position with the payment networks, each of which determines its own policies and practices (including but not limited to rules regarding merchant liability). Merchants, acquirers, processors, and others supporting EMV CDCVM technology, are therefore strongly encouraged to consult with their respective payment networks regarding applicable chargeback policies and rules.
Apple makes no representations or warranties with regard to the subject matter contained herein, whether express or implied, including any warranty of merchantability, fitness for any particular purpose, or any warranty otherwise arising out of the use of or reliance on this document.
This document is confidential and may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without Apple’s prior written permission.
© 2015 Apple Inc. All rights reserved. Apple, the Apple logo, and Wallet are trademarks of Apple Inc., registered in the U.S. and other countries. Apple Pay, Face ID, and Touch ID are trademarks of Apple Inc. iOS is a trademark or registered trademark of Cisco in the U.S. and other countries and is used under license. Other product and company names mentioned herein may be trademarks of their respective companies.