What is card validation code and card verification value?
CVC or card validation code and CVV or card verification value mean 3-digit security authentication numbers printed on the back of payment cards. CVC and CVV ensure the security of online payments by acting as proof that the cardholder carries out a transaction.
So how exactly are CVC/CVV used in online payments? When paying for a purchase in any e-commerce store, the buyer needs to fill out a payment form — enter the card number, the owner’s name and surname, the expiration date, and, finally, the CVC or CVV code. Without providing this authentication number, you won’t be able to complete the transaction.
CVC and CVV numbers are mainly used in card-not-present transactions. The request for these verification codes is an optional condition for merchants but their legitimate right. Therefore, the merchant may or may not request your CVC/CVV at will.
The difference between CVC and CVV
CVC is a security code used by the Mastercard card network. CVV code can be found on debit/credit cards issued by Visa. The primary purpose of the CVC and CVV is the same — cardholder’s identification.
Both security numbers are intended to identify real cardholders who have access to specific payment details. Thus, card validation code and card verification value help merchants minimise the risk of unknowingly accepting a counterfeit card and cardholders being scammed.
What is card validation code/card verification value used for?
In the case of in-person payments through the terminal or card reader, the merchant has no reason to worry about CVC and CVV codes since the customer manually enters their Personal Identification Number or PIN. However, if a merchant accepts online payments, the customer is required to enter their card’s CVC or CVV to verify two things:
- The cardholder’s debit/credit card is at their disposal at the time of payment.
- The cardholder’s debit/credit card account is legitimate.
Besides, CVC and CVV are valuable markers for fraud detection and prevention. Since payment intermediaries are forbidden to store any sensitive cardholder’s information, including CVC/CVV, entering the code during checkout guarantees physical possession of the card at the time of purchase. Thus, even if your card issuer data is leaked, fraudsters won’t be able to use your card details without a card validation code or CVV.
Are there any drawbacks to using CVC/CVV?
The only drawback of CVC/CVV lies in the fact that if fraudsters get hold of your plastic card, they will also have a CVC or CVV code at their disposal. Each online transaction goes through an additional verification layer to avoid misappropriation of funds on the card. For example, the buyer can confirm the transaction in the mobile application of his bank or enter the code that is additionally received.
Where is CVC/CVV located on a card?
The CVC and CVV code of most bank cards consist of three digits located on the reverse of the card, in the signature area. On American Express (AMEX) cards, the code usually consists of four digits located on the front. Typically, the last three digits of a seven-digit number are visually separated from the rest of the digits.
How are CVC and CVV generated?
Many people think that CVC and CVV codes are generated randomly. We hasten to dispel this myth. Although the exact algorithms are unknown to us for obvious reasons, sources say issuing banks generate them based on the following information:
- Primary Account Number (PAN)
- Expiration date
- DES (Data Encryption Standard) keys known only to the card issuer
- Three-digit service code
All this data is securely encrypted by the issuing bank using algorithms unknown to the general public.
How can I protect my CVC/CVV?
A few basic rules can keep cardholders safe from CVC/CVV hacks and unauthorised purchases. Here they are:
- Enter your CVV number only on trusted websites
- Don’t respond to suspicious requests for your card information
- Don’t share any photos of your credit card
- Check the payment processor for PCI DSS compliance.
In turn, merchants accepting online payments should take into account that the card validation code and card verification value are not the main way to reduce fraud. Thus, requesting a CVV number can only be effective if you apply comprehensive data protection measures, including 3DS.
Ready to boost your business to the next level?
Get in touch with us and we will try to provide you with the most relevant offer.