Wikipedia

Card security code

This is an old revision of this page, as edited by XSTRIKEx6864 (talk | contribs) at 05:58, 9 August 2006 (Mastercards, Visas, etc is not proper). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Template:Notoc

The Card Security Code is located on the back of all Mastercard, Visa and Discover Card credit or debit cards.
On American Express cards, the Card Security Code is located on the front.

The Card Security Code (CSC), sometimes called Card Verification Value or Code (CVV or CVC), is a security feature for credit card transactions, giving protection against credit card fraud. There are actually two security codes. The first, called CVC1 or CVV1, is encoded on the magnetic stripe of the card and used for in-person transactions. The second one, and the most cited, is CVV2 or CVC2. It is often used to secure "card not present" transactions occurring over the Internet, by mail, or over the phone.

Location

The CVV2 is a 3 or 4 digit value printed on the card, but not available on the magnetic stripe.

  • MasterCard, Visa and Discover Cards have a 3 digit code, called the "CVC2" (card validation code), "CVV2" (card verification value) and "Cardmember ID" respectively. It is not embossed like the card number, and is always the final group of numbers printed on the back signature panel of the card.
  • American Express cards have a 4 digit code printed on the front side of the card above the number, referred to as the "CID", or Card Identification Number. It is printed flat, not embossed like the card number.

The number is generated when the card is issued, by encrypting the card number and expiry date under a key known only to the issuing bank. Supplying this code in a transaction is intended to verify that the customer has the card in their physical possession.

Security benefits

Since the CVV2 is not contained on the magnetic stripe of the card, it is not typically included in the transaction when the card is used face to face at a merchant. This provides a level of protection to the cardholder, in that a corrupt merchant cannot simply capture the magnetic stripe details of a card and use them later for "card not present" purchases over the phone, mail order or Internet. To do this, a merchant would also have to note the CVV2 visually and record it, which is more likely to arouse the cardholder's suspicion.

Online merchants who require the CVV2 in their transactions are forbidden from storing these details once the transaction is complete. This way, if a database of transactions is compromised, the CVV2 is not included, and the stolen credit card numbers are less useful.

Limitations

The use of the CVV2 cannot protect against phishing scams, where the cardholder is tricked into entering the CVV2 among other card details via a fraudulent website. The growth in phishing has reduced the real-world effectiveness of the CVV2 as an anti-fraud device.

Since the CVV2 may not be stored by the merchant, a merchant who needs to rebill a credit card for a regular subscription would not be able to provide the code after the initial transaction. This means the use of CVV2 codes must remain optional; however, transactions without CVV2 are likely to be subjected to more stringent fraud screening, and fraudulent transactions without CVV2 are more likely to be resolved in favour of the cardholder.

See also

Retrieved from "https://en.wikipedia.org/w/index.php?title=Card_security_code&oldid=68555322"