Ecommerce, despite the numerous advantages it offers as a sales channel, also exposes merchants to certain risks due to the lack of face-to-face contact between the consumer and the seller. When it comes to electronic payments, one of the rapidly growing risks is that a buyer may attempt to perform online purchases with a debit or credit card they are not authorized to use.
A credit or debit card security code (CSC) is one of several fraud prevention tools that the online payment industry has developed in an attempt to safeguard merchants from the risks involved in processing unauthorized transactions. Let’s go over what this three- or four-digit number is and how it works to benefit consumers and merchants alike.
What is the security code on a debit card or credit card?
A credit or debit card security code, also known as card verification code (CVC) or card verification value (CVV), is a 3-digit or 4-digit code usually located on the back of a credit or debit card. Sometimes, as in the case of American Express cards, you can find this three-digit code on the front.
The card security code is an extra safety feature that protects merchants against fraudulent payments and minimizes the possibility of chargebacks. It also serves the purpose of enhancing customer confidence when they use their card to make a purchase at a merchant's store. This security measure is mainly used to protect cardholders and businesses from fraud.
Mastercard was the first card network to introduce the card security code in 1997. Due to rapid growth in the popularity of online shopping, more card networks soon followed, with American Express and Visa initiating the safety measure in 1999 and 2001, respectively. Nowadays most merchants utilize this particular security feature to make sure that the customers will authorize card payments before transactions are processed.
Based on the card issuer, i.e., the card network that issued the customer’s card, the three-digit number can be identified as one of the following acronyms.
- Visa uses the CVV acronym, which stands for Card Verification Value.
- Mastercard refers to the security feature as CVC, which stands for Card Verification Code.
- American Express asks the cardholder for the CID (Card Identification) – a four-digit number – to complete a purchase.
Where is the security code on a debit card or credit card?
The original version of the card security code (CVV1/CVC1) was included in a magnetic stripe on the back side of the card that was electronically read by the card reader when the card was swiped. However, the second version of the security code (CVV2/CVC2) includes a print version of the code at the back of the card that, for better security, isn’t stored on the stripe.
On a Visa or Mastercard credit card, customers can find the card security code along the signature stripe, which is placed on the back of their card. In the case of American Express, the company places the code above the credit card number on the card’s front.
Is a CVV number the same as a debit card number?
No. The debit card number is always present on the front side of a card in plain view. It is usually 16 digits long, regardless of the card network. Unlike the CVV, there is not a very strict element of secrecy surrounding the debit or credit card number. If a person illegally obtains your debit card number, they can’t do much with it. They would always need the CVV for any type of online transaction.
Is a CVV number the same as a debit card PIN?
No. A debit card PIN is a four-digit code that you enter when you have to authorize POS transactions greater than a certain amount or when you are trying to withdraw cash from an ATM. It is not displayed anywhere on the credit or debit card. PINs are more relevant to in-person card transactions, unlike CVVs, which are a must for online payments. Credit cards can also have PINs, but they will rarely come in handy for any type of transaction.
How does the card security code provide fraud protection?
The card security code was designed to protect cardholders and businesses from fraudulent activities during card-not-present (CNP) transactions (e.g. online shopping, telephone orders). The request for a security code during card-not-present transactions is of great importance to prevent fraud and chargeback disputes. By requesting the CVV/CVC/CID card code to complete the payment, a merchant ensures that the cardholder has physical access to the card, which likely means that he or she is the legitimate owner.
So, when is the code submitted by the merchant's client?
During the payment process, the customer submits their credit card number and expiration date along with the card security code on the checkout page. The card information is immediately transmitted through a payment page from the payment processor to the issuing bank for authentication purposes. If the card details and the security code are approved, then the transaction is approved. In case the code is not correct, the transaction is instantly canceled.
Online merchants who don't ask for a CVV/CVC/CID code are at higher risk of chargebacks. That's because stolen card data can easily be used for placing online orders. When the legal cardholder notices that their card data has been stolen and used for purchases that they didn't authorize, then they will initiate a chargeback. Merchants should ask for a card's security code to guarantee an extra layer of payment security for both their business and the customer.
Credit card security code checks are vital in the prevention of suspicious transactions that may lead to error codes. The error codes for credit card transactions are generated through the issuing bank of the credit card used for the purchase or the payment processor of the merchant. An example is credit card declined code 05 (‘Do not honor'), which is sent from the issuing bank when the credit card number doesn't pass a security check or the funds have been frozen. Such credit card processing error codes can be eliminated when merchants follow strict security measures like asking for the card verification code where necessary.
When is the security code requested?
The card security code is mostly requested during transactions when the card is not physically present. Such transactions include those that are performed via online shopping, email orders, or telephone orders. Most consumers expect you to request the security code and understand what it is.
A card security code is not requested where the card is present, such as in a brick-and-mortar store. That’s generally due to other POS terminal fraud protection features available for merchants during in-store transactions. These protection features include technology installed in the frequently used chip cards and the usage of PINs, which validate card-present transactions.
The problems with card security codes
Card security codes come with a few limitations. For instance, some eCommerce websites save the card details of their customers to offer a quick payment experience to frequent visitors. However, this practice should only be done when the necessary data protection protocols are followed to prevent system breaches or unauthorized data usage by fraudsters.
Merchants must either become PCI-certified or depend on their payment processors systems for the safeguarding of credit card data. Secure payment processing can be achieved by utilizing a secure, PCI-compliant payment gateway, such as the one provided by payabl.
Moreover, there are certain instances whereby a card security code might not prevent a chargeback dispute. For example, a customer might enter the correct CVC/CVV code and be the legitimate cardholder, yet still commit a type of online payment fraud that is referred to as ‘friendly fraud'. This means that they will request their money back after the purchased product has been shipped with the aim of keeping the product without paying for it.
Secure your card transactions with payabl.
Although there are a couple of limitations, the benefits of a card security code vastly outweigh the negatives. Find out more about how payabl’s payment gateway and payment pages can support you in utilizing CVV codes as a tool to prevent fraudulent transactions.