Introduction
Your online merchant services team can set up an online store and shopping cart to take credit card transactions while online. Part of the order form you’ll produce will include a spot for a CVV number.
The CVV or Card Verification Value is the most essential number on a credit card. While the actual card number and the name and expiration date are critical, the CVV is responsible for ensuring a card isn’t used by the wrong people.
The CVV number must be kept safe in the credit card processing effort. You cannot keep the CVV data on whatever cards you collect while managing payments.
The CVV also reduces the risk of fraud and other losses, but it is not a completely foolproof solution. You may still experience issues surrounding fraud depending on what data thieves try doing when collecting data. But the CVV still remains a useful setup for keeping card data from being lost.
What Is the CVV?
A Card Verification Value or CVV number on a credit card is a number utilized for completing online transactions. A card issuer will produce the CVV based on the card number, the service code, the expiration date for the card, and a unique code the issuer provides. The issuer will use these points to compare information on the card and to ensure it is the correct one being utilized for a card-not-present or CNP transaction. Each issuer uses private details on what dictates the code, but those factors listed here will give you an idea of what to expect.
The CVV is not to be confused with the CSC, CIN, or CVC. Those are all synonyms for the CVV, as they enter the same concept. These three sound-alikes stand for the Card Security Code, Card Identification Number, and Card Verification Code.
In most cases, the CVV appears on the back of a card and features three digits. For American Express cards, the CVV is on the front and has four digits.
Two Parts of the CVV
The CVV comes with two distinct parts that confirm someone’s identity without losing anything of value:
- The digits on the card are the ones that work for an online or phone transaction.
- There’s a small magnetic stripe next to the number. It contains the CVV info that the card reader can identify when the customer swipes the card through a magnetic reader.
The General Goal
The overall goal of the CVV is to ensure the customer who is using the card is the correct one. The customer must have one’s card in hand to complete a transaction. The physical card is the only item that has the CVV necessary for finishing a CNP transaction. The effort reduces the threat of fraud.
What About the PIN?
The CVV helps identify the customer in the credit card processing effort, but it is not to be confused with the Personal Identification Number or PIN. The PIN is for when someone is completing an in-person transaction or is trying to collect money from an ATM. The CVV will confirm the person’s identity before that person adds the PIN as an additional layer of protection.
Customers are encouraged to use unique PINs that are separate from the CVVs on their cards. It is harder for people to successfully guess a PIN when it is separate enough from the CVV listed directly on the card. The PIN is often four digits long, but someone could still add a digit to the CVV to create something new. But that would still be too easy for someone to pick when stealing data.
Storage Considerations
You must be cautious when handling a CVV number in your credit card processing effort. The CVV number should not be stored in your credit card database after you collect the content. PCI compliance standards state that all CVV data must be kept private if any credit card data in a space is lost for any reason.
The CVV is to confirm the user’s identity when first entering the card data. The CVV cannot stay in the database, or else it will be exposed to potential data thieves. By keeping the CVV off of the report, it becomes harder for anyone to try and use a card.
Handle Your Cards Responsibly
Always be certain when handling credit cards that you manage everything right. You can use these points surrounding the CVV number when handling the work:
- Keep the space where the customer will enter one’s CVV number clear on your order forms. An online merchant services team can help you produce card entry forms that express this point well.
- Never ask for the PIN if the customer is completing a CNP transaction. Asking for the PIN instead of the CVV might keep the transaction from going forward.
- Do not save CVV data on your credit card databases. You will violate PCI compliance standards if you keep the CVV in the space. You can secure the address data and other card factors, but the CVV must be removed to prevent possible theft in that database.
Is It Always Going To Protect People
Be advised that while a CVV number can be useful when protecting people, it isn’t always going to be fully effective. It is possible someone who isn’t the person who owns the card could acquire the physical card. That person can use the CVV for CNP transactions if that person prefers.
Phishing attempts may also be a threat. Phishing entails a scammer asking a person for a credit card number with the CVV included. That person might contact you to complete a transaction with that stolen data.
You’ll still need to be cautious when managing your credit card processing efforts. Requesting the CVV number data from your customers will be essential in keeping all transactions safe. But the risk of fraud is never going to disappear. You can keep your CVV data safe when you look at what works.
