# Generate and verify card data
Generate and verify card data incorporates data derived from card data, for instance CVV, CVV2, CVC and DCVV.
**Topics**
+ [Generate card data](generate-card-data.md)
+ [Verify card data](verify-card-data.md)
# Generate card data
The `Generate Card Data` API is used to generate card data using algorithms such as CVV,CVV2 or Dynamic CVV2. To see what keys can be used for this command, please see [Valid keys for cryptographic operations](crypto-ops-validkeys-ops.md) section.
Many cryptographic values such as CVV, CVV2, iCVV, CAVV V7 use the same cryptographic algorithm but vary the input values. For instance [CardVerificationValue1](https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_CardVerificationValue1.html) has inputs of ServiceCode, Card Number and Expiration Date. While [CardVerificationValue2](https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_CardVerificationValue2.html) only has two of these inputs, this is because for CVV2/CVC2, the ServiceCode is fixed at 000. Similarly, for iCVV the ServiceCode is fixed at 999. Some algorithms may repurpose the existing fields such as CAVV V8 in which case you will need to consult your provider manual for the correct input values.
**Note**
Expiration date must be entered in the same format (such as MMYY vs. YYMM) for generation and validation to produce correct results.
# Generate CVV2
**Example**
In this example, we will generate a CVV2 for a given PAN with inputs of `PAN` and card expiration date. This assumes that you have a card verification key [generated](create-keys.md#cvvkey-example).
```
$ aws payment-cryptography-data generate-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/tqv5yij6wtxx64pi --primary-account-number=171234567890123 --generation-attributes CardVerificationValue2={CardExpiryDate=0123}
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/tqv5yij6wtxx64pi",
"KeyCheckValue": "CADDA1",
"ValidationData": "801"
}
```
# Generate iCVV
**Example**
In this example, we will generate a [iCVV](terminology.md#terms.icvv) for a given PAN with inputs of `PAN`,a service code of 999 and card expiration date. This assumes that you have a card verification key [generated](create-keys.md#cvvkey-example).
For all available parameters see [CardVerificationValue1](https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_CardVerificationValue1.html) in the API reference guide.
```
$ aws payment-cryptography-data generate-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/tqv5yij6wtxx64pi --primary-account-number=171234567890123 --generation-attributes CardVerificationValue1='{CardExpiryDate=1127,ServiceCode=999}'
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/tqv5yij6wtxx64pi",
"KeyCheckValue": "CADDA1",
"ValidationData": "801"
}
```
# Verify card data
`Verify Card Data` is used to verify data that has been created using payment algorithms that rely on encryption principals such as `DISCOVER_DYNAMIC_CARD_VERIFICATION_CODE`.
The input values are typically provided as part of an inbound transaction to an issuer or supporting platform partner. To verify an ARQC cryptogram (used for EMV chips cards), please see [Verify ARQC](data-operations.verifyauthrequestcryptogram.md).
For more information, see [VerifyCardValidationData](https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_VerifyCardValidationData.html) in the API guide.
If the value is verified, then the api will return http/200. If the value is not verified, it will return http/400.
# Verify CVV2
**Example**
In this example, we will validate a CVV/CVV2 for a given PAN. The CVV2 is typically provided by the cardholder or user during transaction time for validation. In order to validate their input, the following values will be provided at runtime - [Key to Use for validation (CVK)](create-keys.md#cvvkey-example), `PAN`, card expiration date and CVV2 entered. Card expiration format must match that used in initial value generation.
For all available parameters see [CardVerificationValue2](https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_CardVerificationValue2.html) in the API reference guide.
```
$ aws payment-cryptography-data verify-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/tqv5yij6wtxx64pi --primary-account-number=171234567890123 --verification-attributes CardVerificationValue2={CardExpiryDate=0123} --validation-data 801
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/tqv5yij6wtxx64pi",
"KeyCheckValue": "CADDA1"
}
```
# Verify iCVV
**Example**
In this example, we will verify a [iCVV](terminology.md#terms.icvv) for a given PAN with inputs of [Key to Use for validation (CVK)](create-keys.md#cvvkey-example), `PAN`, a service code of 999, card expiration date and the iCVV provided by the transaction to validate.
iCVV is not a user entered value (like CVV2) but embedded on an EMV card. Consideration should be given to whether it should always validate when provided.
For all available parameters see, [CardVerificationValue1](https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_CardVerificationValue1.html) in the API reference guide.
```
$ aws payment-cryptography-data verify-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/tqv5yij6wtxx64pi --primary-account-number=171234567890123 --verification-attributes CardVerificationValue1='{CardExpiryDate=1127,ServiceCode=999} --validation-data 801
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/tqv5yij6wtxx64pi",
"KeyCheckValue": "CADDA1",
"ValidationData": "801"
}
```