The Merchant’s Guide To Credit Card Security Codes (CVV, CVV2, CVC) & CVV Checks
If you’re a merchant and you blink, you might miss an essential detail in our ever-changing payment landscape. That’s because payment security, as well as payment technology in general, continues to grow and evolve each year.
Merchants often say that payment security is one of the most challenging (not to mention intimidating) topics to understand. We aim to change that here at Merchant Maverick. So whether you’re looking for an easy-to-understand explanation of “credit card security codes,” the definition of CVV/CVV2, or you want to understand more about how the CVV/CVV2 code affects the checkout process, stay with us. We’ll address all the notable points when it comes to this somewhat mysterious payment card security code on the back (and sometimes front) of nearly every credit and debit card.
Table of Contents
- What Is A CVV Number On A Credit Card?
- Why Do You Need A CVV Code?
- CVV Checks For Merchants: What You Need To Know To Accept Payments
- A Credit Card Security Code Is Just Part Of A Good Anti-Fraud Strategy For Merchants
- CVV2 & CVV FAQ: Major Questions About Credit Card Security Codes
- The Bottom Line: Learn How To Use & Safeguard Credit Card Security Codes
What Is A CVV Number On A Credit Card?
What is a CVV number on a credit card, and where on the card do you find it? Also, what is a CVV2 number, and is it the same thing as a CVV? A credit card’s CVV (or sometimes CVV2) is a three or four-digit number printed on every credit card you’ll encounter nowadays. This small code is not stored in the EMV chip or the magstripe, as the purpose is to ensure that anyone who makes a purchase has the card on their person. The goal of using the CVV code is to prevent unauthorized use of a credit card in any card-not-present transaction. That usually means online purchases, but it can also include manually-entered transactions too.
Alternative Names For Credit Card Security Codes
Before we go any deeper into this post, we need to address the elephant in the room — because if we don’t, things could get confusing. You may encounter more than one name for CVVs because the payment brands didn’t all agree on the same term (go figure). Depending on whom you talk to, you may hear any of the following terms, but these all refer to the same thing:
- Card Verification Value (CVV Or CVV2): Visa and Mastercard
- Card Verification Code (CVC): This term refers to the CVV/CID code
- Card Identification Number (CID): Discover and American Express
Where To Find Your CVV Code On Your Card
Visa, Mastercard, and Discover all put this numerical code on the back of their cards near the signature space. American Express, however, chose to put its CID on the front of the card. Regardless of where you find it, the code does the same thing — it helps a merchant confirm that the card owner is in charge of the purchase.
Here’s a quick summary table:
|Issuer||Name||Location||Number Of Digits|
|Visa||CVV/CVV2||Back of card||3|
|Mastercard||CVV/CVV2||Back of card||3|
|American Express||CID||Front of card||4|
|Discover||CID||Back of card||3|
Note that this code isn’t transmitted when a credit card is swiped, dipped, or tapped during a card-present transaction. The CVV number is another layer of security that helps merchants prevent different types of fraud and reduce their liability. Keep reading to find out more reasons you should care — and where to go from here.
Why Do You Need A CVV Code?
As we mentioned above, if you accept payment over the phone or have an online shop, a credit card security code provides an additional way to confirm that it’s the cardholder buying from you. But that’s not the only reason you would need to have a CVV/CVV2 number during a transaction.
The major card brands began requiring merchants to submit this code in card-not-present transactions in 2018. Why did they do it? Because online fraud is increasing. LexisNexis noted in its 2018 True Cost Of Fraud report that the cost of fraud is also rising. In 2017, every dollar ($1) of fraud cost a merchant $2.77. In 2018, however, that number increased to an average of $2.94. And, unfortunately, if you are in the digital space, the cost is even higher.
Another big issue that a CVC code helps prevent for merchants is a chargeback. A chargeback is when a customer requests that the funds from a payment be reversed (usually because the charge wasn’t authorized). Chargebacks can happen for a variety of reasons. While a CVV code can’t protect you from all of them, it is evidence that the customer did authorize the sale because they would have had to have the card in hand to enter the code. In this way, a credit card security code can protect you from “friendly fraud” — when a customer claims they didn’t purchase from you at all when knowing full well they did!
Want to arm yourself with important insights about chargebacks? Check out our complete guide to preventing and fighting chargebacks.
CVV Checks For Merchants: What You Need To Know To Accept Payments
To recap, only card-not-present transactions for which you don’t physically swipe, dip, or tap require you to worry about doing a CVV check. That means that even if your customer is present, you will need to get the CVC if you manually enter the credit card data through your virtual terminal, POS system, or mobile POS app.
If you take any payments online or you send and receive invoice payments, your customers will also plug the credit card’s CVV number in during the checkout process. For more on card-not-present sales, check out The Complete Guide To Processing Card-Not-Present Transactions.
It’s important to note that merchants who process in-person payments with a card reader or terminal do not need to worry about CVV codes, nor should anyone give out their code willy-nilly. The code is only useful to confirm a card when you don’t process with a card’s EMV chip or magnetic stripe.
Let’s take a closer look at the two main scenarios when you’d need to worry about the added security of a CVV/CVV2 number.
Entering CVV Numbers For Manually-Entered Transactions
If you already utilize a PCI-compliant payment processing company, you’ll notice that your payment form for manual entry already has a spot for a CVV number. As stated earlier, that’s because the payment companies now require it on all card-not-present purchases. All processors nowadays know the scenarios where it is applicable to ask for the CVV code, and you or your customer will be automatically prompted to enter it if necessary. So remember, the CID, CVV1, or CVV2 number is not needed at all if you swipe, dip, or tap the card in your shop.
Here’s a screenshot of a virtual terminal through Square with the CVV section highlighted. This is a merchant-facing screen for manual card entry. Again, CVV and CVV2 refer to the same number, but Square is just covering its bases by using both terms.
It’s important to note that no merchant should ever store the CVV code on their servers or record them in any way. In fact, the Payment Card Industry-Data Security Standard (PCI-DSS) regulations prohibit storing this number. While collecting a CVC at the moment of purchase and not storing it is not a perfectly airtight security measure, it’s additional protection for merchants to authenticate online and over-the-phone purchases when you can’t visually check identification.
CVC Code Entry For eCommerce
For those of you who have an eCommerce presence, a credit card security code is also required by the major payment companies during processing. Of course, any online sale is considered a card-not-present transaction, and as such, you should be aware of the risks. Fraudsters often target small businesses by looking for vulnerabilities, so it’s important to have a PCI-compliant processor and payment gateway.
A Credit Card Security Code Is Just Part Of A Good Anti-Fraud Strategy For Merchants
CVV codes are not the only way for a merchant to reduce fraud. Using AVS and adding other anti-fraud services (such as 3D Secure) can help as well.
An excellent feature to look for if you take payments via your online shop is AVS (Address Verification System). As the name suggests, the processor authenticates your customer’s address during checkout. Whether this feature costs you extra or not depends on the processing company that you choose. Many processors do include the feature automatically with their flat or tiered pricing plan. However, even if you do pay a bit extra, keep in mind that AVS significantly reduces your risk of fraud. Transactions processed with AVS likely have downgraded risk factors and may even save you money, so keep that in mind as well. For more about AVS, check out How To Use An AVS Check To Reduce eCommerce Fraud & Protect your Business.
We also couldn’t talk about online security without mentioning 3D Secure technology. With 3D Secure technology, the card brands step in to provide an extra authentication step during checkout. The actual process varies by card network and by issuing bank, but for business owners, once you’ve implemented this step, you don’t need to do anything else specific. Ask your payment processor if 3D security is a built-in feature or, if not, how you can add it to your site. For more information, check out our post, What Are Verified By Visa & 3D Secure?
CVV2 & CVV FAQ: Major Questions About Credit Card Security Codes
The Bottom Line: Learn How To Use & Safeguard Credit Card Security Codes
This post aimed to clarify any confusion regarding why and how a CVV (or CVV2, or CVC, or CID) number is vital for your small business. Hopefully, we’ve made the airtight case that the CVV code is an essential piece of information any time you process a card-not-present transaction, but otherwise, don’t fret over it at all.
Because payment companies mandate all merchants to collect the credit card CVV code during online or manual card entry, you’ll need to find a payment processing company that’s up to date with the latest policies. Keep in mind that merchants can’t store the CVV data to be PCI compliant, so never write it down. Even with card-on-file transactions, merchants shouldn’t store the CVV code; if you do, you could be liable if there’s a data breach.
In addition to the CVV, we also introduced you to some other important tools that can help keep your payment landscape safer for you and your customers. If you’re shopping around for your online shop, look for a processor that specializes in online payments and gives you the right credit card security tools, including AVS checks or 3D Secure technology. Check out our Merchant Account Comparisons to find out more about features, fees, and support.
Lastly, if you’re a consumer reading this article and are wondering how you can avoid entering the CVV every time you purchase online, there are two possibilities: pay through a digital wallet or use Click-to-Pay. Digital wallets transform credit card payment information into a token, and the token is transmitted electronically when making a payment. No CVV is involved at the consumer’s end. As to Click-to-Pay, it’s a new consumer service from the major credit card brands that help consumers pay faster, including skipping hand-entering the CVV.