# Verify CVV, AVS, and Name Verify a Payment Instrument to determine CVV, AVS, and name verification results. Endpoint: PUT /payment_instruments/{payment_instrument_id_verify} Version: 2022-02-01 Security: BasicAuth ## Path parameters: - `payment_instrument_id_verify` (string, required) The ID of the Payment Instrument you wish to verify. ## Response 200 fields (application/json): - `id` (string) The ID of the resource. - `created_at` (string) Timestamp of when the object was created. - `updated_at` (string) Timestamp of when the object was last updated. - `created_via` (string) The method by which the resource was created. Enum: "API" - `account_updater_enabled` (boolean) When enabled at the Payment Instrument-level, Finix automatically checks for updates with card networks. This Account Updater functionality: - Automatically updates card details (e.g., number or expiration date) to maintain continuity of charges, increasing authorization rates. - Saves the cardholder the hassle of updating card details across Merchants for each of their Subscriptions. If set at the Application level, this Payment Instrument-level setting will override the Application-level configuration. If not configured at the Application-level, the card defaults to false, requiring explicit opt-in. Note: Cards created before the feature is enabled are unaffected by default. To include these cards, you can manually enable the Account Updater functionality for each card individually using a PUT request. Once enabled, you can link the card to this API call to trigger updates with card networks. - `address` (object) The address of the card owner. Including a postal or zip code when creating a Payment Instrument can lower the interchange on credit card transactions. - `address.line1` (string,null, required) First line of the address (max 35 characters). - `address.line2` (string,null) Second line of the address (max 35 characters). - `address.city` (string,null, required) City (max 20 characters). - `address.region` (string,null, required) 2-letter State code. - `address.postal_code` (string,null, required) Zip or Postal code (max 7 characters). - `address.country` (string,null, required) Enum: "ABW", "AFG", "AGO", "AIA", "ALA", "ALB", "AND", "ARE", "ARG", "ARM", "ASM", "ATA", "ATF", "ATG", "AUS", "AUT", "AZE", "BDI", "BEL", "BEN", "BES", "BFA", "BGD", "BGR", "BHR", "BHS", "BIH", "BLM", "BLR", "BLZ", "BMU", "BOL", "BRA", "BRB", "BRN", "BTN", "BVT", "BWA", "CAF", "CAN", "CCK", "CHE", "CHL", "CHN", "CIV", "CMR", "COD", "COG", "COK", "COL", "COM", "CPV", "CRI", "CUB", "CUW", "CXR", "CYM", "CYP", "CZE", "DEU", "DJI", "DMA", "DNK", "DOM", "DZA", "ECU", "EGY", "ERI", "ESH", "ESP", "EST", "ETH", "FIN", "FJI", "FLK", "FRA", "FRO", "FSM", "GAB", "GBR", "GEO", "GGY", "GHA", "GIB", "GIN", "GLP", "GMB", "GNB", "GNQ", "GRC", "GRD", "GRL", "GTM", "GUF", "GUM", "GUY", "HKG", "HMD", "HND", "HRV", "HTI", "HUN", "IDN", "IMN", "IND", "IOT", "IRL", "IRN", "IRQ", "ISL", "ISR", "ITA", "JAM", "JEY", "JOR", "JPN", "KAZ", "KEN", "KGZ", "KHM", "KIR", "KNA", "KOR", "KWT", "LAO", "LBN", "LBR", "LBY", "LCA", "LIE", "LKA", "LSO", "LTU", "LUX", "LVA", "MAC", "MAF", "MAR", "MCO", "MDA", "MDG", "MDV", "MEX", "MHL", "MKD", "MLI", "MLT", "MMR", "MNE", "MNG", "MNP", "MRT", "MSR", "MTQ", "MUS", "MWI", "MYS", "MYT", "NAM", "NCL", "NER", "NFK", "NGA", "NIC", "NIU", "NLD", "NOR", "NPL", "NRU", "NZL", "OMN", "PAK", "PAN", "PCN", "PER", "PHL", "PLW", "PNG", "POL", "PRI", "PRK", "PRT", "PRY", "PSE", "PYF", "QAT", "REU", "ROU", "RUS", "RWA", "SAU", "SDN", "SEN", "SGP", "SGS", "SHN", "SJM", "SLB", "SLE", "SLV", "SMR", "SOM", "SPM", "SRB", "SSD", "STP", "SUR", "SVK", "SVN", "SWE", "SWZ", "SXM", "SYC", "SYR", "TCA", "TCD", "TGO", "THA", "TJK", "TKL", "TKM", "TLS", "TON", "TTO", "TUN", "TUR", "TUV", "TWN", "TZA", "UGA", "UKR", "UMI", "URY", "USA", "UZB", "VAT", "VCT", "VEN", "VGB", "VIR", "VNM", "VUT", "WLF", "WSM", "XKX", "YEM", "ZAF", "ZMB", "ZWE" - `address_verification` (string) - Details the results of verifying address with the issuing bank. - Set to UNKNOWN when address gets updated. Enum: "POSTAL_CODE_AND_STREET_MATCH", "STREET_MATCH", "POSTAL_CODE_MATCH", "NO_ADDRESS", "NO_MATCH", "NOT_SUPPORTED", "UNKNOWN" - `application` (string) ID of the Application the resource was created under. - `bin` (string) Bank Identification number for the Payment Instrument. - `brand` (string) The brand of the card saved in the Payment Instrument. Enum: "UNKNOWN", "DINERS_CLUB_INTERNATIONAL", "DANKORT", "MIR", "TROY", "UATP", "CHINA_T_UNION", "CHINA_UNION_PAY", "AMERICAN_EXPRESS", "VERVE", "RUPAY", "DISCOVER", "JCB", "MASTERCARD", "INTERPAYMENT", "INSTAPAYMENT", "MAESTRO", "VISA", "LANKAPAY", "DINERS_CLUB", "INTERAC" - `card_type` (string) The type of payment card saved in the Payment Instrument. Enum: "CREDIT", "DEBIT", "HSA_FSA", "NON_RELOADABLE_PREPAID", "RELOADABLE_PREPAID", "UNKNOWN" - `country` (string,null) Enum: "ABW", "AFG", "AGO", "AIA", "ALA", "ALB", "AND", "ARE", "ARG", "ARM", "ASM", "ATA", "ATF", "ATG", "AUS", "AUT", "AZE", "BDI", "BEL", "BEN", "BES", "BFA", "BGD", "BGR", "BHR", "BHS", "BIH", "BLM", "BLR", "BLZ", "BMU", "BOL", "BRA", "BRB", "BRN", "BTN", "BVT", "BWA", "CAF", "CAN", "CCK", "CHE", "CHL", "CHN", "CIV", "CMR", "COD", "COG", "COK", "COL", "COM", "CPV", "CRI", "CUB", "CUW", "CXR", "CYM", "CYP", "CZE", "DEU", "DJI", "DMA", "DNK", "DOM", "DZA", "ECU", "EGY", "ERI", "ESH", "ESP", "EST", "ETH", "FIN", "FJI", "FLK", "FRA", "FRO", "FSM", "GAB", "GBR", "GEO", "GGY", "GHA", "GIB", "GIN", "GLP", "GMB", "GNB", "GNQ", "GRC", "GRD", "GRL", "GTM", "GUF", "GUM", "GUY", "HKG", "HMD", "HND", "HRV", "HTI", "HUN", "IDN", "IMN", "IND", "IOT", "IRL", "IRN", "IRQ", "ISL", "ISR", "ITA", "JAM", "JEY", "JOR", "JPN", "KAZ", "KEN", "KGZ", "KHM", "KIR", "KNA", "KOR", "KWT", "LAO", "LBN", "LBR", "LBY", "LCA", "LIE", "LKA", "LSO", "LTU", "LUX", "LVA", "MAC", "MAF", "MAR", "MCO", "MDA", "MDG", "MDV", "MEX", "MHL", "MKD", "MLI", "MLT", "MMR", "MNE", "MNG", "MNP", "MRT", "MSR", "MTQ", "MUS", "MWI", "MYS", "MYT", "NAM", "NCL", "NER", "NFK", "NGA", "NIC", "NIU", "NLD", "NOR", "NPL", "NRU", "NZL", "OMN", "PAK", "PAN", "PCN", "PER", "PHL", "PLW", "PNG", "POL", "PRI", "PRK", "PRT", "PRY", "PSE", "PYF", "QAT", "REU", "ROU", "RUS", "RWA", "SAU", "SDN", "SEN", "SGP", "SGS", "SHN", "SJM", "SLB", "SLE", "SLV", "SMR", "SOM", "SPM", "SRB", "SSD", "STP", "SUR", "SVK", "SVN", "SWE", "SWZ", "SXM", "SYC", "SYR", "TCA", "TCD", "TGO", "THA", "TJK", "TKL", "TKM", "TLS", "TON", "TTO", "TUN", "TUR", "TUV", "TWN", "TZA", "UGA", "UKR", "UMI", "URY", "USA", "UZB", "VAT", "VCT", "VEN", "VGB", "VIR", "VNM", "VUT", "WLF", "WSM", "XKX", "YEM", "ZAF", "ZMB", "ZWE" - `currency` (string) ISO 4217 3-letter currency code. Enum: "AED", "AFN", "ALL", "AMD", "ANG", "AOA", "ARS", "AUD", "AWG", "AZN", "BAM", "BBD", "BDT", "BGN", "BHD", "BIF", "BMD", "BND", "BOB", "BOV", "BRL", "BSD", "BTN", "BWP", "BYR", "BZD", "CAD", "CDF", "CHE", "CHF", "CHW", "CLF", "CLP", "CNY", "COP", "COU", "CRC", "CUC", "CUP", "CVE", "CZK", "DJF", "DKK", "DOP", "DZD", "EGP", "ERN", "ETB", "EUR", "FJD", "FKP", "GBP", "GEL", "GHS", "GIP", "GMD", "GNF", "GTQ", "GYD", "HKD", "HNL", "HRK", "HTG", "HUF", "IDR", "ILS", "INR", "IQD", "IRR", "ISK", "JMD", "JOD", "JPY", "KES", "KGS", "KHR", "KMF", "KPW", "KRW", "KWD", "KYD", "KZT", "LAK", "LBP", "LKR", "LRD", "LSL", "LTL", "LYD", "MAD", "MDL", "MGA", "MKD", "MMK", "MNT", "MOP", "MRO", "MUR", "MVR", "MWK", "MXN", "MXV", "MYR", "MZN", "NAD", "NGN", "NIO", "NOK", "NPR", "NZD", "OMR", "PAB", "PEN", "PGK", "PHP", "PKR", "PLN", "PYG", "QAR", "RON", "RSD", "RUB", "RWF", "SAR", "SBD", "SCR", "SDG", "SEK", "SGD", "SHP", "SLL", "SOS", "SRD", "SSP", "STD", "SVC", "SYP", "SZL", "THB", "TJS", "TMT", "TND", "TOP", "TRY", "TTD", "TWD", "TZS", "UAH", "UGX", "USD", "USN", "UYI", "UYU", "UZS", "VEF", "VND", "VUV", "WST", "XAF", "XAG", "XAU", "XBA", "XBB", "XBC", "XBD", "XCD", "XDR", "XOF", "XPD", "XPF", "XPT", "XSU", "XTS", "XUA", "XXX", "YER", "ZAR", "ZMW", "ZWL" - `disabled_code` (string,null) A code indicating why the Payment Instrument was disabled. This field is populated when the card is automatically disabled for reasons other than USER INITIATED or when manually disabled by a user for USER_INITIATED. See disabled_message for possible error codes and their messages. Enum: "CARD_ACCOUNT_CLOSED", "INVALID_ACCOUNT_NUMBER", "LOST_OR_STOLEN_CARD", "NON_RELOADABLE_INSUFFICIENT_FUNDS", "PICK_UP_CARD", "RESTRICTED_CARD", "USER_INITIATED" - `disabled_message` (string,null) A human-readable message explaining why the Payment Instrument was disabled. This field provides additional context for the disabled_code. The possible error codes/messages are: - CARD_ACCOUNT_CLOSED: "The card account has been closed. The card has been disabled to prevent further use." - INVALID_ACCOUNT_NUMBER: "The card number is not valid. The card has been disabled to prevent further use." - LOST_OR_STOLEN_CARD: "The card is reported lost or stolen. The card has been disabled to prevent further use." - NON_RELOADABLE_INSUFFICIENT_FUNDS: "The card has insufficient funds for the transaction and is non-reloadable. The card has been disabled to prevent further use." - PICK_UP_CARD: "The card is reported lost or stolen. The card has been disabled to prevent further use." - RESTRICTED_CARD: "The card has a restriction preventing approval for this transaction. The card has been disabled to prevent further use." - USER_INITIATED: "The card has been disabled by a user." - `enabled` (boolean) Indicates whether the Payment Instrument resource is enabled. The default value is true; set it to false to disable the Payment Instrument. The user or the system can update this field to enable or disable the payment instrument. - `expiration_month` (integer) Expiration month (e.g. 12 for December). - `expiration_year` (integer) 4-digit expiration year. - `fast_funds_indicator` (string) Details if Fast Funds is enabled for the card. - `fingerprint` (string) Unique ID that represents the tokenized card data. Example: "FPRxxxxxxxxxxxxxxxxx" - `identity` (string) The ID of the Identity used to create the resource. - `instrument_type` (string) The type of Payment Instrument. Enum: "PAYMENT_CARD", "PAYMENT_CARD_PRESENT", "TOKEN" - `issuer_country` (string) The Alpha-3 Code of the country the card was issued in. In addition, the following values are possible: - NON_USA - The card was issued outside of the United States. - UNKNOWN - The processor did not return an issuer country for this particular BIN. Enum: "ABW", "AFG", "AGO", "AIA", "ALA", "ALB", "AND", "ARE", "ARG", "ARM", "ASM", "ATA", "ATF", "ATG", "AUS", "AUT", "AZE", "BDI", "BEL", "BEN", "BES", "BFA", "BGD", "BGR", "BHR", "BHS", "BIH", "BLM", "BLR", "BLZ", "BMU", "BOL", "BRA", "BRB", "BRN", "BTN", "BVT", "BWA", "CAF", "CAN", "CCK", "CHE", "CHL", "CHN", "CIV", "CMR", "COD", "COG", "COK", "COL", "COM", "CPV", "CRI", "CUB", "CUW", "CXR", "CYM", "CYP", "CZE", "DEU", "DJI", "DMA", "DNK", "DOM", "DZA", "ECU", "EGY", "ERI", "ESH", "ESP", "EST", "ETH", "FIN", "FJI", "FLK", "FRA", "FRO", "FSM", "GAB", "GBR", "GEO", "GGY", "GHA", "GIB", "GIN", "GLP", "GMB", "GNB", "GNQ", "GRC", "GRD", "GRL", "GTM", "GUF", "GUM", "GUY", "HKG", "HMD", "HND", "HRV", "HTI", "HUN", "IDN", "IMN", "IND", "IOT", "IRL", "IRN", "IRQ", "ISL", "ISR", "ITA", "JAM", "JEY", "JOR", "JPN", "KAZ", "KEN", "KGZ", "KHM", "KIR", "KNA", "KOR", "KWT", "LAO", "LBN", "LBR", "LBY", "LCA", "LIE", "LKA", "LSO", "LTU", "LUX", "LVA", "MAC", "MAF", "MAR", "MCO", "MDA", "MDG", "MDV", "MEX", "MHL", "MKD", "MLI", "MLT", "MMR", "MNE", "MNG", "MNP", "MOZ", "MRT", "MSR", "MTQ", "MUS", "MWI", "MYS", "MYT", "NAM", "NCL", "NER", "NFK", "NGA", "NIC", "NIU", "NLD", "NON_USA", "NOR", "NPL", "NRU", "NZL", "OMN", "PAK", "PAN", "PCN", "PER", "PHL", "PLW", "PNG", "POL", "PRI", "PRK", "PRT", "PRY", "PSE", "PYF", "QAT", "REU", "ROU", "RUS", "RWA", "SAU", "SDN", "SEN", "SGP", "SGS", "SHN", "SJM", "SLB", "SLE", "SLV", "SMR", "SOM", "SPM", "SRB", "SSD", "STP", "SUR", "SVK", "SVN", "SWE", "SWZ", "SXM", "SYC", "SYR", "TCA", "TCD", "TGO", "THA", "TJK", "TKL", "TKM", "TLS", "TON", "TTO", "TUN", "TUR", "TUV", "TWN", "TZA", "UGA", "UKR", "UMI", "UNKNOWN", "URY", "USA", "UZB", "VAT", "VCT", "VEN", "VGB", "VIR", "VNM", "VUT", "WLF", "WSM", "YEM", "ZAF", "ZMB", "ZWE" - `last_four` (string) Last four digits of the card. - `name` (string,null) The name of the card owner. - `network_token_enabled` (boolean) When enabled at the Payment Instrument level, a "network token" replaces raw card details (e.g., the 16-digit PAN and expiration date) for transactions. Network tokens have several benefits: - The token offers increased authorization rates, even for lost or stolen cards, as it remains valid while the physical card is replaced. - Visa reduces interchange fees when using network tokens. - Tokens enhance security by replacing card details with a non-sensitive string that is usable only within the Finix system. If set at the Application level, this Payment Instrument level setting will override the application level configuration. If not configured at the application level, the card defaults to false, requiring explicit opt-in. Note: Cards created before the feature is enabled are unaffected. To include them, update an individual Payment Instrument. Then, you can insert the hyperlink on the "update". - `network_token_state` (string) The state of the network token. The possible enum values are as follows: - NOT_ENABLED: The network_token_state is NOT_ENABLED when the value of network_token_enabled on the Payment Instrument is false. - PENDING: Immediately after Finix enables network tokens for a specific card, network_token_state is initially set to PENDING. - ACTIVE: After Finix receives the network token successfully from the card network, network_token_state updates to ACTIVE. - FAILED: In the event that there is an issue with the card network such as service becomes unavailable, FAILED is returned. - SUSPENDED: When the issuing bank does not allow the network token to be used in transactions, SUSPENDED is returned. - CLOSED: In the event that the issuing bank has closed the card permanently, CLOSED is returned. Enum: "ACTIVE", "CLOSED", "FAILED", "NOT_ENABLED", "SUSPENDED", "PENDING" - `payload_type` (string) Enum: "SOURCE", "DESTINATION" - `push_funds_block_indicator` (string) Details if the card is enabled to receive push-to-card disbursements. - `name_verification_results` (object,null) Details the results of verifying the cardholder's name with the issuing bank. Returns null if name_verification_details was not included in the request. - `name_verification_results.first_name` (string) The result of verifying the cardholder's first name. Enum: "MATCH", "NO_MATCH", "PARTIAL_MATCH", "UNKNOWN", "NOT_SUPPORTED" - `name_verification_results.last_name` (string) The result of verifying the cardholder's last name. Enum: "MATCH", "NO_MATCH", "PARTIAL_MATCH", "UNKNOWN", "NOT_SUPPORTED" - `name_verification_results.middle_name` (string) The result of verifying the cardholder's middle name. Enum: "MATCH", "NO_MATCH", "PARTIAL_MATCH", "UNKNOWN", "NOT_SUPPORTED" - `name_verification_results.name` (string) The result of verifying the cardholder's full name. Enum: "MATCH", "NO_MATCH", "PARTIAL_MATCH", "UNKNOWN", "NOT_SUPPORTED" - `security_code_verification` (string) Details the results of the Card Verification Code check. Enum: "MATCHED", "UNKNOWN", "UNMATCHED" - `third-party` (string,null) This field is not applicable to payment cards. - `third_party_token` (string,null) This field is not applicable to payment cards. - `type` (string) Type of Payment Instrument. Enum: "PAYMENT_CARD", "TOKEN", "GOOGLE_PAY", "APPLE_PAY" - `tags` (object,null) Include up to 50 key: value pairs to annotate requests with custom metadata. - Maximum character length for individual keys is 40. - Maximum character length for individual values is 500. (For example, order_number: 25, item_type: produce, department: sales) - `_links` (object) For your convenience, every response includes several URLs which link to resources relevant to the request. You can use these _links to make your follow-up requests and quickly access relevant IDs. - `_links.application` (object) Link to the Application the request was made under. - `_links.application.href` (string) - `_links.authorizations` (object) Link to the Authorizations created under the resource. - `_links.authorizations.href` (string) - `_links.identity` (object) Link to the Identity the request was made under. - `_links.identity.href` (string) - `_links.self` (object) Link to the resource that was used in the request. - `_links.self.href` (string) - `_links.transfers` (object) Link to the Transfers created under the resource. - `_links.transfers.href` (string) - `_links.updates` (object) Link to the Updates created under the resource. - `_links.updates.href` (string) - `_links.verifications` (object) Link to the Verification that was used to verify the Merchant that the request was made under. - `_links.verifications.href` (string) ## Response 400 fields (application/json): - `total` (integer, required) Total number of errors returned. - `_embedded` (object, required) Container for embedded error objects. - `_embedded.errors` (array) List of individual error objects. - `_embedded.errors.code` (string) The error code. The UNKNOWN error code is returned for a 401 Unauthorized or 403 Forbidden request. - `_embedded.errors.logref` (string) A log reference identifier for the error, useful for debugging and support purposes. - `_embedded.errors.message` (string) A human-friendly error message. - `_embedded.errors._links` (object) Links related to this error. - `_embedded.errors._links.self` (object) Link to the resource related to the error. - `_embedded.errors._links.self.href` (string) URL of the related resource. ## Response 401 fields (application/json): - `total` (integer, required) Total number of errors returned. - `_embedded` (object, required) Container for embedded error objects. - `_embedded.errors` (array) List of individual error objects. - `_embedded.errors.code` (string) The error code. The UNKNOWN error code is returned for a 401 Unauthorized or 403 Forbidden request. - `_embedded.errors.logref` (string) A log reference identifier for the error, useful for debugging and support purposes. - `_embedded.errors.message` (string) A human-friendly error message. - `_embedded.errors._links` (object) Links related to this error. - `_embedded.errors._links.self` (object) Link to the resource related to the error. - `_embedded.errors._links.self.href` (string) URL of the related resource. ## Response 403 fields (application/json): - `total` (integer, required) Total number of errors returned. - `_embedded` (object, required) Container for embedded error objects. - `_embedded.errors` (array) List of individual error objects. - `_embedded.errors.code` (string) The error code. The UNKNOWN error code is returned for a 401 Unauthorized or 403 Forbidden request. - `_embedded.errors.logref` (string) A log reference identifier for the error, useful for debugging and support purposes. - `_embedded.errors.message` (string) A human-friendly error message. - `_embedded.errors._links` (object) Links related to this error. - `_embedded.errors._links.self` (object) Link to the resource related to the error. - `_embedded.errors._links.self.href` (string) URL of the related resource. ## Response 404 fields (application/json): - `total` (integer, required) Total number of errors returned. - `_embedded` (object, required) Container for embedded error objects. - `_embedded.errors` (array) List of individual error objects. - `_embedded.errors.code` (string) The error code. The UNKNOWN error code is returned for a 401 Unauthorized or 403 Forbidden request. - `_embedded.errors.logref` (string) A log reference identifier for the error, useful for debugging and support purposes. - `_embedded.errors.message` (string) A human-friendly error message. - `_embedded.errors._links` (object) Links related to this error. - `_embedded.errors._links.self` (object) Link to the resource related to the error. - `_embedded.errors._links.self.href` (string) URL of the related resource. ## Response 406 fields (application/json): - `total` (integer, required) Total number of errors returned. - `_embedded` (object, required) Container for embedded error objects. - `_embedded.errors` (array) List of individual error objects. - `_embedded.errors.code` (string) The error code. The UNKNOWN error code is returned for a 401 Unauthorized or 403 Forbidden request. - `_embedded.errors.logref` (string) A log reference identifier for the error, useful for debugging and support purposes. - `_embedded.errors.message` (string) A human-friendly error message. - `_embedded.errors._links` (object) Links related to this error. - `_embedded.errors._links.self` (object) Link to the resource related to the error. - `_embedded.errors._links.self.href` (string) URL of the related resource.