The Token Authentication Verification Value (TAVV) is Visa’s per-transaction cryptogram for network token authorizations. It proves to the issuer that the merchant (or token requestor) legitimately holds an active Visa token and is presenting a fresh authentication value for this specific charge. TAVV is single-use and short-lived; replaying an old cryptogram is a common cause of soft declines.
TAVV travels with the authorization message alongside the token surrogate, amount, and Electronic Commerce Indicator (ECI). Acquirers and PSPs must forward these fields without stripping or transforming them in ways that break issuer validation. Teams that tokenize at enrollment but authorize with PAN-only payloads never deliver TAVV and should not expect token-driven approval lift.
Generating TAVV requires live connectivity to Visa’s token service (directly or through a certified token service provider). The call is separate from token creation: each checkout or rebill should fetch a new cryptogram keyed to transaction type (purchase, recurring, installment). Idempotency keys prevent duplicate charges if your client retries.
Veliro exposes cryptogram retrieval as POST …/cryptogram on the token resource, returning TAVV for Visa tokens with the correct ECI for the transaction context. Keeping cryptogram generation in the credential layer, rather than buried inside one PSP’s SDK, is what makes multi-PSP routing compatible with network token economics.