Payments Learning Resources

Card Security Code

A credit or debit card security code is one of several fraud management tools that the online payment industry has developed, in an attempt to safeguard merchants from the risks involved in processing unauthorized transactions.

Protecting merchants with the card security code

card security code image with magnifying glass

Ecommerce, despite the numerous advantages it offers as a selling channel also exposes merchants to certain risks due to the lack of face-to-face contact between the consumer and the seller. When it comes to payments, one of the risks is that a buyer attempts to make a transaction with a credit card he is not authorized to use. A debit or credit card security code is an extra safety feature that protects merchants against fraudulent payments and minimizes the possibility of chargebacks. This security measure also serves the purpose of enhancing customer confidence when they use their card to make a purchase on a merchant’s store.

What is the card security code?

graphical illustration of credit card with labels for each section

A card security code is a 3-digit or 4-digit code usually located on the back side of a credit or debit card - except with American Express cards where you can find the code on the front. The code is mainly used to protect cardholders and businesses from fraud. Mastercard was the first card network to introduce the card security code in 1997. Due to online shopping growth, more card networks soon followed with American Express and Visa initiating the safety measure in 1999 and 2001, respectively. Nowadays most merchants utilize this particular security feature to make sure that the customers will authorize card payments before transactions are processed. Based on the card network that issued the customer’s card, the security code can be identified as one of the following acronyms:

  • Visa uses the CVV acronym which stands for Card Verification Value.
  • Mastercard refers to the security feature as CVC which stands for Card Validation Code.
  • American Express asks the cardholder for the CID – Card Identification number- to complete a purchase.

The original version of the card security code (CVV1/CVC1) included a magnetic stripe on the back side of the card which was electronically read by the card reader when the card was swiped. However, the second version of the security code (CVV2/CVC2) includes a print version of the code at the back of the card. On a Visa or MasterCard credit card, customers can find the card security code along the signature stripe which is placed on the back side of their card. When it comes to American Express, the company places the code above the credit card number on the card’s front.

How does the security code provide fraud protection?

The Card Security Code indicated on the front and back of a credit card

The card security code was designed to protect cardholders and businesses from fraudsters, during card-not-present transactions (e.g. online shopping, telephone orders). The request of a security code during card-not-present transactions is of great importance to prevent fraud and chargeback disputes. By requesting the CVV/CVC/CID card code to complete the payment, a merchant ensures that the cardholder has physical access to the card which likely means that he or she is the legitimate owner.

So when is the code submitted by the merchant’s client? During the payment process, the customer submits their credit card number and expiration date along with the card security code on the checkout page. The card information is immediately transmitted through a payment page from the payment processor to the issuing bank for authentication purposes. If the card details and the security code are approved then the transaction is approved. In case the code is not correct, then the transaction is instantly canceled.

Online merchants who don’t ask for a CVV/CVC/CID code are at higher risk of chargebacks. That’s because stolen card data can easily be used for placing online orders. When the legal cardholder notices that their card data is stolen and used for purchases that they didn’t authorize, then they will initiate a chargeback. Merchants should ask for a card’s security code to guarantee an extra layer of payment security for both their business and the customer.

Credit card security code checks are vital in the prevention of suspicious transactions that may lead to error codes. The error codes for credit card transactions are generated through the issuing bank of the credit card used for the purchase or the payment processor of the merchant. An example is credit card declined code 05 (‘Do not honor’) which is sent from the issuing bank when the credit card number didn’t pass a security check or the funds have been frozen. Such credit card processing error codes can be eliminated when merchants apply card security measures like the card security code.

When the security code is requested

The card security code is mostly requested during transactions when the card is not physically present. Such transactions include those that are performed via online shopping, email orders or telephone orders. Most consumers expect you to request the security code and understand what this is. A card security code is not requested where the card is present such as in a brick and mortar store. This is generally not required due to POS terminal fraud protection features available for merchants during in-store transactions. These protection features include technology installed in the frequently used chip cards and the usage of pin numbers which validate card-present transactions.

The problem with card security codes

Card security codes come with a few limitations. For instance, some e-commerce websites save the card details of their customers to offer a quick payment experience to frequent visitors. However, this practice should only be done when the necessary data protection protocols are followed in order to prevent any system breach and data usage by fraudsters.

Merchants either become PCI Level I certified or depend on their payment processors systems for the safeguarding of credit card data. Secure payment processing can be achieved by utilizing a secure payment gateway, such as the one provided by Powercash21. Our payment gateway is PCI DSS Level 1 certified and equipped with the most advanced fraud prevention tools, such as 3D securegeolocationvelocity checks, and BIN Lookup.

Moreover, there are certain instances whereby a card security code might not prevent a chargeback dispute. For example, a customer might enter the correct CVC/CVV code and be the legitimate cardholder, yet still commit what is referred to as ‘friendly fraud’. This means that he or she will request their money back after the purchased product has been shipped with the aim of keeping the product and getting their money back.

Although there are several limitations, the benefits of a card security code vastly outweigh the negatives. Find out more about how Powercash21’s gateway and payment pages can support you in utilizing CVV as a tool to prevent fraudulent transactions.

Sign Up To Our Newsletter

Subscribe To Our Newsletter To Get Our Latest News