In this article, we’ll be uncovering the concept of a CVV code, where it can be found, how it works, its importance and how it can contribute to heightened online payment security.
What’s a CVV code and where’s it located?
CVV stands for “Card Verification Value” and is a three- or four-digit number found on the back of most credit and debit cards. CVV codes are also known as CVC (card verification code) or CSC (card security code).
In general, CVV codes provide a second layer of authentication. This helps to verify the cardholder’s identity when initiating online transactions, ensuring that the customer making the purchase is the owner of the relevant payment card. The CVV code is a three or four-digit number that is visible on the signature strip, near the area where the cardholder would sign their name. Mastercard and Visa have a three-digit CVV on the back of the card, whereas American Express uses a four-digit CVV on the front of the card.
Types of CVV codes
As mentioned before, CVV codes come in various formats and names depending on the card scheme. Below, we explore some of them:
- CVV1 – This is encoded in the magnetic stripe of the card and is used for card present transactions, mainly at point of sale (POS) terminals or ATMs.
- CVV2 – Commonly found on Visa, Mastercard and Discover cards, this three-digit code is used for online and over-the-phone transactions.
- CVC – Similar to CVV2, CVC is used on Mastercard cards.
- CID – American Express (Amex) uses a four-digit code known as the card identification number (CID), which is printed on the front of the card.
How do CVV codes work?
When a shopper makes an online purchase, they’re typically prompted to input their CVV code alongside their card number, expiration date as well as their name and, often, their billing address. The CVV code is then passed securely to the issuer for authorisation. The transaction gets approved or declined based on the CVV number’s match with the one the issuer has on record, alongside the rest of the payment details and checks that are performed after the initiation of the transaction.
The merchant will also receive a CVV code indicating the status of the transaction as follows:
- M – the CVV aligns with the information the issuer has on-file.
- N – the CVV doesn’t match what the issuer keeps on record.
- U – the CVV hasn’t been verified. This signifies that the issuer didn’t confirm whether the CVV is correct. This typically occurs if the transaction is rejected before the CVV gets checked.
- I – no CVV was provided.
What is a dynamic CVV?
Some banks issue cards without a static CVV code that instead use a dynamic CVV code. This type of card uses a temporary card verification code to verify a purchase, only accessible through a customer’s banking app. This operates similarly to two-factor authentication, whereby a customer will be sent a single-use PIN when they’re ready to make a card payment. This code will then be sent to the issuing bank along with other cardholder details to authorise the payment. Unlike static CVV codes, cards with a dynamic CVV code create a new number for each transaction, providing added security for online purchases.
CVV code versus PIN – What’s the difference
It should be noted that CVV numbers are not one and the same as a cardholder’s PIN code. A PIN code is essentially a password that the cardholder needs to enter into a terminal keypad when making a card purchase in-store, in order to verify their identity. On the other hand, a CVV code is employed to authenticate card payments made online or over-the-phone, and helps prevent card-not-present fraud.
How do CVV codes prevent fraud?
According to Statista, it’s estimated that online merchants collectively lost US$41 billion globally due to online payment fraud, which is predicted to increase to US$48 billion by 2023. There are a number of ways that fraudsters can obtain credit card information, which includes card skimming, phishing scams or by stealing a physical card. Furthermore, this emphasises the importance of payment security measures such as CVV codes in combatting credit card fraud.
A CVV code is not allowed to be stored by merchants, which means the only way this information can be obtained is by having the physical card. This helps reduce online fraud as it requires information that could only be acquired by the cardholder, adding an extra layer of authentication. However, this should not be a standalone solution and should be implemented alongside other risk management measures such as Address Verification Service (AVS), 3D Secure 2 and real-time fraud monitoring.
How emerchantpay can help
CVV codes play a vital role in reinforcing online payment security by providing another level of protection against fraud. Understanding their purpose and importance is key for both cardholders and businesses to facilitate safe and frictionless payments.
By teaming up with emerchantpay, you’ll be equipped with robust fraud prevention solutions and efficient, real-time monitoring that can track down suspicious behaviour, leaving your customers at ease that their transactions are processed with utmost security. As a Level 1 PCI compliant payment service provider and acquirer, our team’s committed to understanding the specifics of your business and accommodating your needs. We’ll help you craft your risk and chargeback management strategy to safeguard your customers and revenue.
Ready to find out how emerchantpay can minimise any fraud risks and help grow your payments’ revenue? Contact our team of payment experts today.