diff --git a/app/Http/Controllers/CaptureController.php b/app/Http/Controllers/CaptureController.php index 19edcc2..392e0e7 100644 --- a/app/Http/Controllers/CaptureController.php +++ b/app/Http/Controllers/CaptureController.php @@ -2,13 +2,14 @@ namespace App\Http\Controllers; +use App\Http\Requests\CreateCaptureRequest; use Illuminate\Http\JsonResponse; use Illuminate\Http\Request; use Illuminate\Support\Str; class CaptureController extends Controller { - public function createForPayment(string $paymentId, Request $request): JsonResponse + public function createForPayment(string $paymentId, CreateCaptureRequest $request): JsonResponse { $requestId = $request->header('request-id'); $merchantId = $request->header('merchant-id'); diff --git a/app/Http/Controllers/RefundController.php b/app/Http/Controllers/RefundController.php index 1fe2ab8..d0f4c85 100644 --- a/app/Http/Controllers/RefundController.php +++ b/app/Http/Controllers/RefundController.php @@ -2,14 +2,14 @@ namespace App\Http\Controllers; +use App\Http\Requests\CreateRefundRequest; use Illuminate\Http\JsonResponse; use Illuminate\Http\Request; - use Illuminate\Support\Str; class RefundController extends Controller { - public function create(Request $request): JsonResponse + public function create(CreateRefundRequest $request): JsonResponse { $requestId = $request->header('request-id'); $merchantId = $request->header('merchant-id'); diff --git a/app/Http/Controllers/VerificationController.php b/app/Http/Controllers/VerificationController.php index 6ef18db..2a0980f 100644 --- a/app/Http/Controllers/VerificationController.php +++ b/app/Http/Controllers/VerificationController.php 
@@ -2,22 +2,25 @@ namespace App\Http\Controllers; +use App\Http\Requests\CreateVerificationRequest; use Illuminate\Http\JsonResponse; use Illuminate\Http\Request; use Illuminate\Support\Str; class VerificationController extends Controller { - public function create(Request $request): JsonResponse + public function create(CreateVerificationRequest $request): JsonResponse { $requestId = $request->header('request-id'); $merchantId = $request->header('merchant-id'); - if($request->input('currency') == 'HRK') { + if ($request->input('currency') === 'HRK') { return response()->json([ - 'error' => 'Currency HRK is not supported', - 'code' => 'CURRENCY_NOT_SUPPORTED' - ], 500); + 'responseStatus' => 'ERROR', + 'responseCode' => '422', + 'responseMessage' => 'Currency HRK is not supported', + 'errors' => ['currency' => ['Currency HRK is not supported']] + ], 422); } // Mock verification creation response diff --git a/app/Http/Middleware/SecureHeaders.php b/app/Http/Middleware/SecureHeaders.php index 3910802..2ce63a8 100644 --- a/app/Http/Middleware/SecureHeaders.php +++ b/app/Http/Middleware/SecureHeaders.php @@ -20,7 +20,6 @@ public function handle(Request $request, Closure $next): Response $response->headers->set('X-Frame-Options', 'deny'); $response->headers->set('Content-Security-Policy', "default-src 'self'; frame-ancestors 'none'"); $response->headers->set('X-Content-Type-Options', 'nosniff'); - $response->headers->set('Allow', 'GET, POST'); $response->headers->set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload'); return $response; diff --git a/app/Http/Requests/CreateCaptureRequest.php b/app/Http/Requests/CreateCaptureRequest.php index ed8ac49..9ae93ca 100644 --- a/app/Http/Requests/CreateCaptureRequest.php +++ b/app/Http/Requests/CreateCaptureRequest.php 
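Review bot: The HRK rejection in `VerificationController::create` is still a hand-written branch in the controller, so it is a second source of validation next to `CreateVerificationRequest::rules()`, and it compares case-sensitively: `hrk` satisfies both `size:3` and `=== 'HRK'` and is treated as supported. Consider expressing it as a rule, for example `'currency' => 'required|string|size:3|not_in:HRK'` combined with an upper-case constraint, so that every rejection comes from one place. The branch also builds a `responseStatus`/`responseCode`/`responseMessage` envelope, whereas a failed FormRequest returns Laravel's default `message`/`errors` body unless `failedValidation()` or the exception handler reshapes it, which this diff does not show; clients could then receive two different 422 formats. The rest of `create` lies outside the hunk.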
@@ -11,7 +11,7 @@ class CreateCaptureRequest extends FormRequest */ public function authorize(): bool { - return false; + return $this->hasHeader('merchant-id') && $this->hasHeader('request-id'); } /** @@ -22,7 +22,22 @@ public function authorize(): bool public function rules(): array { return [ - // + 'amount' => 'required|integer|min:1', + 'currency' => 'required|string|size:3', + 'finalCapture' => 'boolean', + ]; + } + + /** + * Get custom messages for validator errors. + */ + public function messages(): array + { + return [ + 'amount.required' => 'Capture amount is required', + 'amount.integer' => 'Capture amount must be an integer in cents', + 'currency.required' => 'Currency code is required', + 'currency.size' => 'Currency code must be exactly 3 characters', ]; } } diff --git a/app/Http/Requests/CreateRefundRequest.php b/app/Http/Requests/CreateRefundRequest.php index 780c224..5edeb02 100644 --- a/app/Http/Requests/CreateRefundRequest.php +++ b/app/Http/Requests/CreateRefundRequest.php @@ -11,7 +11,7 @@ class CreateRefundRequest extends FormRequest */ public function authorize(): bool { - return false; + return $this->hasHeader('merchant-id') && $this->hasHeader('request-id'); } /** @@ -22,7 +22,24 @@ public function authorize(): bool public function rules(): array { return [ - // + 'amount' => 'required|integer|min:1', + 'currency' => 'required|string|size:3', + 'parentTransactionId' => 'required|string|max:64', + 'refundType' => 'string|in:REFERENCED,STANDALONE', + ]; + } + + /** + * Get custom messages for validator errors. + */ + public function messages(): array + { + return [ + 'amount.required' => 'Refund amount is required', + 'amount.integer' => 'Refund amount must be an integer in cents', + 'currency.required' => 'Currency code is required', + 'currency.size' => 'Currency code must be exactly 3 characters', + 'parentTransactionId.required' => 'Parent transaction ID is required', ]; } } 
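Review bot: `authorize()` in `CreateCaptureRequest` now returns true for any request that merely carries `merchant-id` and `request-id` headers, which is a presence check rather than an authorization decision; the same line is added to `CreateRefundRequest` and `CreateVerificationRequest`. `hasHeader()` does not inspect the value, so an empty or arbitrary merchant id passes, and nothing visible here ties the header to an authenticated caller or to the payment being captured. If the merchant is authenticated elsewhere (middleware, gateway), which this diff does not show, record that in a comment such as `// merchant identity is verified by <middleware>; this only guards against missing headers`; otherwise compare the header with the authenticated principal here. A missing header also surfaces as a 403 from `failedAuthorization()`, where a 400 or 422 from a header check would describe the problem more accurately.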
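Review bot: The `rules()` added to `CreateCaptureRequest` bound `amount` only from below and check `currency` only by length. `integer|min:1` accepts anything up to `PHP_INT_MAX` and `size:3` accepts any three characters; a tighter pair would be `'amount' => 'required|integer|min:1|max:<limit>'` and `'currency' => ['required', 'string', 'regex:/^[A-Z]{3}$/']`, and the same `currency` rule appears in the refund and verification requests. `messages()` has no entry for `amount.min`, so a zero or negative amount falls back to the framework's default text. The `$paymentId` route parameter of `createForPayment` is not covered by these rules, so a route pattern constraint or an explicit check on `$this->route('paymentId')` is needed to bound its format.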
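Review bot: In `CreateRefundRequest::rules()` `parentTransactionId` is required unconditionally although `refundType` admits `STANDALONE`, which by its name would not reference a parent transaction; if that reading is right, the rule should be `'parentTransactionId' => 'required_unless:refundType,STANDALONE|string|max:64'`. `refundType` itself is optional, so the behaviour when it is absent should be stated in a comment or pinned down with `required`. `max:64` limits length only; if transaction ids have a fixed alphabet, an `alpha_dash` or `regex` constraint keeps unexpected characters out of whatever lookup follows. Nothing in the visible rules checks that the parent transaction belongs to the calling merchant, so that check has to happen where the transaction is loaded.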
diff --git a/app/Http/Requests/CreateVerificationRequest.php b/app/Http/Requests/CreateVerificationRequest.php index 2114580..3e855cc 100644 --- a/app/Http/Requests/CreateVerificationRequest.php +++ b/app/Http/Requests/CreateVerificationRequest.php @@ -11,7 +11,7 @@ class CreateVerificationRequest extends FormRequest */ public function authorize(): bool { - return false; + return $this->hasHeader('merchant-id') && $this->hasHeader('request-id'); } /** @@ -22,7 +22,27 @@ public function authorize(): bool public function rules(): array { return [ - // + 'currency' => 'required|string|size:3', + 'paymentMethodType' => 'required|array', + 'paymentMethodType.card.accountNumber' => 'required_with:paymentMethodType.card|string|min:13|max:19', + 'paymentMethodType.card.expiry.month' => 'required_with:paymentMethodType.card|string|size:2', + 'paymentMethodType.card.expiry.year' => 'required_with:paymentMethodType.card|string|size:4', + 'paymentMethodType.card.cvv' => 'string|min:3|max:4', + ]; + } + + /** + * Get custom messages for validator errors. + */ + public function messages(): array + { + return [ + 'currency.required' => 'Currency code is required', + 'currency.size' => 'Currency code must be exactly 3 characters', + 'paymentMethodType.required' => 'Payment method type is required', + 'paymentMethodType.card.accountNumber.required_with' => 'Card number is required for card verifications', + 'paymentMethodType.card.expiry.month.required_with' => 'Card expiry month is required', + 'paymentMethodType.card.expiry.year.required_with' => 'Card expiry year is required', ]; } }
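Review bot: The card rules added to `CreateVerificationRequest::rules()` constrain length but not content: `accountNumber` passes with any 13 to 19 characters, `expiry.month` accepts `ab` or `99`, and `cvv` accepts letters. Digit-based rules (`digits_between`, `digits`, `in`) reject such values at the boundary, as sketched below. `paymentMethodType` is only `required|array`, so a payload with an unrecognised key and no `card` passes validation; if card is the only supported type, require it explicitly. Because this request carries the PAN and CVV, those fields should also be excluded from request logging and from flashed input.

```php
// … unchanged: 'currency' and 'paymentMethodType' rules …
'paymentMethodType.card.accountNumber' => 'required_with:paymentMethodType.card|string|digits_between:13,19',
'paymentMethodType.card.expiry.month' => 'required_with:paymentMethodType.card|string|in:01,02,03,04,05,06,07,08,09,10,11,12',
'paymentMethodType.card.expiry.year' => 'required_with:paymentMethodType.card|string|digits:4',
'paymentMethodType.card.cvv' => 'string|digits_between:3,4',
```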