This is the latest installment in The Official Merchant Services Blog’s Knowledge Base effort. We want to make the payment processing industry’s terms and buzzwords clear. We will eliminate any and all confusion merchants might have about how the industry works. At Host Merchant Services, we promise to deliver personal service and clarity. So we’re going to take some time to explain how everything works. This ongoing series is where we define industry related terms and slowly build up a knowledge base and as we get more and more of these completed, we’ll collect them in the resource archive for quick and easy access.
Card Verification Value (CVV)
In continuing with our E-Commerce focused blogs this week, I thought it would be appropriate to introduce the term Card Verification Value, or CVV. There are two types of CVV codes, called CVV1 and 2, respectively. The CVV1 is embedded in the magnetic stripe of track 2 of a card. The purpose of the first CVV is to verify data stored on a card is valid and was issued by a bank when used in person.
The second and more prominent CVV2 is a three-digit code (Visa, MasterCard) printed on the back of credit and debit cards. American Express cards have a ‘Unique card code’ that is four-digits long and printed on the front. Discover has a 3-digit code on the back of its cards, but refers to this as a CID (Card Identification Number). These codes are used in card not present transactions occurring over the Internet, or MOTO as an added security feature to prevent fraudulent purchases. The code is meant to verify that the customer has the card in their possession.
Merchants requiring CVV2 codes for their card not present transactions can dramatically reduce fraud in their businesses. Using this extra layer of protection can stop breached or fraudulent cards from going through. Avoiding potential retrievals and chargeback fees.
Entering your CVV2 code when purchasing online products verifies that you are who you say you are. Under Visa regulations, merchants cannot store CVV2 codes in their databases. This means any card numbers lost in a breach would be less useful. In this sense, a consumer is protected on both sides of a transaction, once when verifying the purchase, and then again in terms of breach or fraud security.