By default, all granted payment method nonces are vaultable. Once the recipient vaults a granted payment method nonce, the resulting payment method behaves like any other in their Vault beyond the restrictions of the Grant API.
When using the Grant API, the grantor can control whether or not the recipient is able to vault a granted payment method. If the grantor doesn't allow vaulting, the recipient will only be able to create a single transaction with the granted payment method nonce. The grantor can do this by setting allow_vaulting to
Billing address information is not included on granted payment method nonces by default, and CVV is never included. The grantor can choose to share the billing postal code with the recipient when granting a payment method by setting the
include_billing_postal_code option to
When the recipient makes a transaction or verification request with the granted payment method nonce, the processor will return the expected AVS and CVV response codes (e.g. M if the postal code matches, I if the information is not provided), but the responses will not trigger any AVS or CVV rules enabled in their gateway.
In some cases, recipients may desire additional information (that is not shared via the Grant API) to mitigate risk before creating the transaction. It is between the grantor and recipient to determine what additional information that they would like to share with each other.