Understanding CVV2

I’d be willing to bet my next paycheck that if you’re reading this article, you’ve probably done your fair share of shopping using that small, rectangular piece of plastic that fits so snugly in your wallet. Credit cards have revolutionized our purchasing power. They are extremely simple to use- just swipe and sign or type and click. And as easy as they are to use, they can be dangerous if the information they carry ends up in the wrong hands.

Consequently, one might ask, “Are there any measures that can be implemented to decrease the risk involved when using a credit card?” The answer to that would definitely be yes. Since most cases of credit card fraud stems from card-not-present (CNP) transactions, such as online shopping or mail ordering, the most obvious and effective method would be to just use common sense. Be wary of where you shop. Do your research and make sure the merchant is reputable.

There is however, an added security measure designed especially for CNP transactions, and its located directly on your credit card. This is known as the Card Verification Value 2 code (CVV2). You probably know it as the 3-digit-number at the back of your Visa, MasterCard or Discover, right under the magnetic strip on the right hand side. Or for those of you with American Express, it’s the 4-digit-number on the right hand side of the face of the card. This might lead you to wonder, “If this is the CVV2, where’s the CVV1?” The CVV1 is encoded onto the card’s magnetic strip and is used only in card present transactions.

So now you know what is and where to find it, how can it help you? I’m glad you asked. First of all, let’s make it clear that the CVV2 code is not stored in the magnetic strip like the CCV1 or the card number itself. Hence, the CVV2 is never recorded when the credit card is swiped. This would limit the ability of a fraudulent merchant to capture the magnetic stripe details of your card, in an attempt to use it at a later time for a CNP transaction. Online merchants who require CVV2 codes to process transactions are forbidden by Visa to store the code after the transaction is authorized and completed.

This regulation is part of a larger collection of regulations known as the Cardholder Information Security Program. CISP is instated to reduce credit card fraud.

“All merchants are prohibited from storing CVV2 data. When asking a cardholder for CVV2, merchants must not document this information on any kind of paper order form or store it on any database.”

Although the CVV2 code decreases credit card fraud. It is not without some limitations. Since MasterCard only introduced this measure in 1997, and Visa in 2001, it is not mandatory for merchants to require the code. This decreases the overall effectiveness. However, transactions processed without a CVV2 code might be subjected to higher scrutiny for fraud. A transaction deemed to be fraudulent that was processed without a CVV2 code tends to be resolved in the favor of the cardholder.

So now that you’re all caught up and hopefully a bit more knowledgeable about your credit cards, I bid you good luck in all your future charging endeavors. Just remember, charging can be easy and safe, but charge responsibly, and with a reputable business. If you’re an online merchant, accepting CVV2 should be a given. For other questions about CVV2 and other fraud-prevention measures, give us a call at 800-546-1997.

Some recommended additional reading: