Content deleted Content added
GrittyIron (talk | contribs) m →Types: Linked undefined acronyms to their Wikipedia pages |
|||
Line 29:
== Types ==
There are several types of security codes and PVV (all generated from [[Data Encryption Standard|DES]] key in the bank in [[Hardware security module|HSM]] modules using [[Payment card number|PAN]], expiration date and service code):
* The first code, 3 numbers, called CVC1 or CVV1, is encoded on track one and two of the [[Magnetic stripe card|magnetic stripe]] of the card and used for card present transactions, with signature (second track also contains pin verification value, PVV, but now it is usually all zeroed out and service code). The purpose of the code is to verify that a payment card is actually in the hand of the merchant (thus it should be different from CVV2). This code is automatically retrieved when the magnetic stripe of a card is read (swiped) on a [[point-of-sale]] (card present) device and is verified by the issuer. A limitation is that if the entire card has been duplicated and the magnetic stripe copied, then the code is still valid, even though you usually need to sign after that. (See [[Credit card skimming|credit card fraud § skimming]].)
* The second code, and the most cited, is CVV2 or CVC2. This code is often used by merchants for [[card not present transaction]]s including online purchases. In some countries in Western Europe, card issuers require a merchant to obtain the code when the cardholder is not present in person. Uses service code 000.
| |||