Resource center
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Topic
Region
Perspectives

What is a CVV number?

We’ll explain what a CVV number is, how it works, when you should ask for it in an online transaction – and what you should do with the CVV when you’re done.

Link to the author's page
Checkout.com
September 4, 2024
Link to the author's page
What is a CVV number?

As a customer, you’ll be aware of the three-digit code on the back of your Visa debit card (or the four-digit one on the front of your American Express), even if you didn’t know what it was called. Well, this number has a name – CVV (Card Verification Value).

And, as it turns out, it benefits not only customers – but merchants, too.

CVV checks can help your business detect and prevent payment fraud, avoid chargebacks, and remain compliant with the payment industry’s strict data handling standards. But how?

Read on to find out. We’ll explain the meaning of a CVV code, how it works, when you should ask for it in an online transaction – and what you should do with the CVV when you’re done.

What is a CVV number?

CVV stands for Card Verification Value. It’s a security feature that allows you to authenticate credit and debit card transactions you accept online, over the phone, or via mail order.

Because every CVV is unique to each customer’s card and account holder, CVV checks are an excellent way of verifying the legitimacy of a debit or credit card transaction. Essentially, CVV checks tell you that the customer actually has access to the card they’re using to make a purchase from your business – and that they’re not using stolen debit or credit card data.

There are different types of CVV, which include:

  • CVV1: this is encoded on the magnetic stripe of the card your customer swipes when they make a payment in-store, from your point of sale (POS) terminal.
  • CVV2: this is the three-digit number printed on the back of the customer’s card – usually in the signature panel. They’ll use this when making online or phone-based purchases from your business, where neither the customer – or their card – are physically present. (These are called card-not-present, or CNP, transactions.)
  • CVC2: this refers to Card Validation Code 2, and is simply another term for CVV2 that Mastercard uses. (As we’ll see, different card schemes – such as Visa, Discover, American Express, and Mastercard – have similar, but varying, CVV approaches.)
  • CID: this stands for Card Identification Number, and it’s the four-digit code you’ll see on the front of an American Express card. (It's printed just above the card number.) In an online transaction, it serves the exact same purpose as the CVV2 or CVC2.

The acronym CVV is also Discover’s version of CVV2 – the code on the back of the card, not the one encoded into the magstripe – and is not to be confused with CVV1. (Confusing, we know!) 

For a handy, at-a-glance guide to the different acronyms each card scheme uses, see below:

  • CVV2 is used by Visa
  • CVC2 is used by Mastercard
  • CID is used by American Express
  • CVV is used by Discover

Why is a CVV number important and how can it protect you?

CVVs are important because they provide an additional layer of security for online or phone transactions, protecting the cardholder and your business from fraudsters. That’s because the card number, expiry date, and cardholder’s name alone are not enough to authenticate the transaction.

By supplying the CVV, the individual making the payment proves they are in possession of the physical card used to make the purchase. This helps to prevent fraud. Although this wouldn’t stop someone stealing and using a physical card, it does stop fraudsters trying to use card details that they’ve bought on the Dark Web or obtained via a data breach or hack.

Additionally, because the CVV isn’t embossed on the card or stored in the card’s magstripe, thieves can’t easily gain access to it by ‘skimming’ devices like ATMs; this adds another level of complexity for fraudsters attempting to use stolen credit cards. What’s more, unusual CVV patterns (such as multiple attempted transactions with the wrong CVV code) can raise red flags: triggering fraud detection systems and helping stop unauthorized transactions before they slip through the net.

CVV numbers help you prevent several different types of payment fraud (especially card-not-present fraud). To learn more about how to detect and prevent fraud, our comprehensive guide offers everything you need to know.

Where to find the CVV code

As with other card details, including your credit card number and the card’s expiration date, you can find your CVV on your physical card. However, unlike those details, it is printed rather than embossed and where it appears depends on your card network.

  • Visa, Mastercard, Discover: you’ll find the three-digit CVV on the back of the card, usually within or next to the authorized signature box
  • American Express: if it’s an Amex, the CVV is four digits and is located on the front of the card next to the contactless symbol

Difference between CVV and PIN

PINs and CVVs are both essential for security but perform different functions. 

PIN stands for ‘personal identification number’. A PIN is usually a four-digit code that is issued in association with a payment card as an additional layer of security. A cardholder may have to enter their PIN when they withdraw cash using their debit card or attempt a payment using a card reader. It is often possible for the cardholder to choose their own PIN.

A CVV also provides an additional layer of security. However, it is automatically generated by the issuer and printed on the card. It cannot be changed. Unlike PINs, which are typically used during face-to-face transactions, CVVs are used for online or over-the-phone payments.

When should you ask for the CVV?

You should ask for the CVV when processing card-not-present transactions: so, those you accept over the phone or online (be that through your website or mobile app).

Do this at the checkout stage, at the same time you ask for the customer’s personal information and other credit or debit data. This will help minimize any potential friction. For phone orders, you can verbally request the CVV from your customer, before entering it directly into your virtual terminal. (If you write it down anywhere for security, be sure to securely destroy the piece of paper as soon as the transaction is complete – we’ll explain why shortly)

If you offer a subscription- or membership-based service that processes recurring payments, you should request a CVV check every time you process a new payment. Used in combination with a real-time account updater, this will help confirm the continued validity of your returning customers’ cards, and drive down the likelihood – and risks – of unauthorized charges.

CVV and chargebacks

Running diligent CVV checks can help your business avoid the financial and reputational losses that chargebacks – and, worse, chargeback fraud – cause.

Chargebacks happen when your customer, having made and received an order from your business, disputes the transaction with your bank. Sometimes, this can be ‘friendly’ fraud – where the customer, perusing their bank statement, simply doesn’t recognize or remember the purchase. It can also be a purposeful (and fraudulent) attempt to claim free goods or services by claiming they didn’t arrive, or that they did so in a faulty or misleading condition.

In those cases, CVV checks can’t help you, because it’s the legitimate cardholder responsible for the chargeback. However, CVV checks can help you avoid chargebacks that result from unauthorized transactions. These happen when a fraudster illegally obtains a cardholder’s details, and uses them to make a purchase from your site.

Discovering the fraud, the legitimate card owner raises an equally legitimate dispute – which, when the bank rules in their favor, will leave you out of pocket for the inventory and the purchase amount, plus a chargeback fee on top.

By confirming that the cardholder is actually in possession of the card, CVV checks can protect you from chargebacks that happen as a result of cardholder theft. Which, while not the whole battle, is at least one potent part of a complete payment fraud detection arsenal.

What should you do with the CVV after a transaction?

After a transaction is complete, you should delete your customer’s CVV information.

Under no circumstances should you hang on to CVV data – whether electronically, in paper format, or in any other logs, databases, or storage systems.

Keeping hold of CVV data isn’t permitted by the major card schemes, and doing so will cause you to run afoul of PCI DSS (Payment Card Industry Data Security Standard) regulations. These govern how merchants handle all the sensitive cardholder information bundled up in a transaction – and that includes not holding onto it once that transaction is complete.

Every single merchant processing debit and credit cards must be PCI compliant. What level of PCI compliance you must obtain depends on the extent of the involvement you have with customer data. If you use a payment processor such as Checkout.com, for instance – which has Level 1 PCI compliance, the highest possible – we’ll generally handle that for you.

This simplifies your PCI duties (which involve filling out often lengthy self-assessment questionnaires, or SAQs). And means there’s less chance of you inadvertently retaining CVV information after a transaction, thus risking fines – and the big reputational hits that come with.

How Checkout.com can help you with credit card processing

CVV numbers are an integral part of accepting debit and credit cards at your business – and doing so in a way that minimizes fraud’s impact on you, and your customer.

However, CVV is just one part of a credit card processing strategy that needs to be optimized to your business’s unique needs and circumstances. This includes accepting a wide range of payment methods – including local and alternative ways to pay – and being able to do so online and via mail order/telephone order (MOTO).

You’ll also need to consider CVV alongside other fraud prevention tools – such as Address Verification Service (AVS), 3D Secure, and biometric verification – and how strategies like payment tokenization and machine learning can keep you one step ahead of the fraudsters.

Fortunately, these are all areas Checkout.com can help you in. Our Fraud Detection solution combines dynamic, AI-driven tools to boost authorization rates and reduce false declines, while constantly learning, improving, and drawing on the latest data to safeguard your business.

What’s more, we can process your transactions in over 150 currencies: helping you drive down cart abandonment rate by letting your customers pay the way they want to.

This barely scratches the surface, though. To dive deeper, get in touch with our team of payment experts today to learn more, and for a friendly, no-obligation conversation about CVV, fraud prevention – and the wealth of benefits Checkout.com can offer your business.

Download PDF

Stay up-to-date

Get Checkout.com news in your inbox.

Back to top button

Most recent articles

Five ways retailers can prepare payments for the peak season surge
Blog
Nov 20, 2024

Five ways retailers can prepare payments for the peak season surge

Read article
Payment fraud trends (and how to fight them)
Blog
Nov 18, 2024

Payment fraud trends (and how to fight them)

Read article
Interchange fees explained
Blog
Nov 14, 2024

Interchange fees explained

Read article
Future-proofing your career: Education in payments and fraud
Blog
Nov 13, 2024

Future-proofing your career: Education in payments and fraud

Read article
What is a PayFac & what are the benefits of becoming one?
Blog
Nov 7, 2024

What is a PayFac & what are the benefits of becoming one?

Read article
What is Visa Direct?
Blog
Nov 7, 2024

What is Visa Direct?

Read article
How to prevent buy now, pay later (BNPL) fraud
Blog
Nov 5, 2024

How to prevent buy now, pay later (BNPL) fraud

Read article
What is Octopus Wallet?
Blog
Nov 4, 2024

What is Octopus Wallet?

Read article
Do omnichannel payments thrill your customers? Or do you just need more simplicity?
Blog
Oct 24, 2024

Do omnichannel payments thrill your customers? Or do you just need more simplicity?

Read article
Ecommerce trends shaping peak season sales this Black Friday and Cyber Monday
Blog
Oct 23, 2024

Ecommerce trends shaping peak season sales this Black Friday and Cyber Monday

Read article
Data privacy and identity verification in the US
Blog
Oct 23, 2024

Data privacy and identity verification in the US

Read article
What happens in 336 ms? The journey of a payment transaction
Blog
Oct 21, 2024

What happens in 336 ms? The journey of a payment transaction

Read article
Return to home
September 4, 2024 22:23
September 4, 2024 22:23