If you have purchased something online in the past, chances are that you were required to enter your credit card’s card verification code, or CVC. However, since it is something that is not usually required in our day to day proceedings, many people are still caught off guard when suddenly asked for this code.
It certainly doesn’t help that the CVC has many names, with each credit card company calling it something different. This is unfortunate, because it has just made it harder for card holders to be aware of what this security checkpoint is and how it serves them. Here is a list of what the major credit card companies usually label their card verification code:
• MasterCard: CVC or CVC2 – card validation code
• VISA: CVV or CVV2 – card verification value
• American Express: CID – unique card code
• Discover: CID – card identification number
As you can see from this list, almost every card company refers to it differently, and even the two – American Express and Discover – that refer to it as the same acronym, CID, have different full phrases for the name. VISA and MasterCard also make things difficult by switching between sometimes labeling it with a “2” and sometimes not. This refers to the fact that there is specific information embedded in the card’s magnetic strip that is actually referred to as a card verification code, as well! This makes the CVC printed on the back of the card technically the second card verification code required.
However, it is the difference between these two card verification codes which adds protection for card holders. Unlike the code contained on the magnetic strip, the CVC2 is not picked up by card readers and these numbers are never transmitted when making a purchase. Usually they are not even required to be entered at all for card-present transactions. It should always be required to be entered when making a card-not-present purchase, though; this serves to prove that the customer has the card in their physical possession, since that is the only way the CVC can be found. When a merchant receives a CVC for running a transaction, they are required to not store this piece of information afterwards. This makes it so that if someone were to hack into their system and steal card holder data, they most likely would not be able to get 100% of it. Not having the CVC would cause them to be unable to use the card data to purchase items online, which is much easier to do than using stolen card data in person at a retail location.
Since the CVC is printed directly onto the card, though, there are some issues with this concept. As it is such a short number, only 3 or 4 digits, it is somewhat easy for someone who runs your card in person to memorize it if they should be so inclined. This is part of why the upcoming chip-and-pin cards are going to add so much to our credit card security. Not only will the chip replace the magnetic strip and transmit the card data in a much more secure way, but the pin will act as an additional checkpoint.
Similar to the CVC in that it is a secret number which authorizes use, the pin will never be printed directly onto a card, thereby never allowing the opportunity for someone to glance at your card and learn it. This will significantly help ensure that the card holder really is the only one with access to that information, and aid in making ecommerce safer and more reliable for both merchants and card holders.
If you are a card-not-present merchant, you want to make sure you are always requiring the CVC when running a transaction. Not only will this help you to avoid fraud and the costly chargebacks it can bring, but it will assist in getting you the lower Qualified-rate in regards to credit card fees. We recommend that you require the billing address, CVC, and provide an invoice number for each and every transaction. Not only will your customers feel more comfortable relying on your company’s system for security, but doing so will directly save you money!
As our love for our credit cards and digital forms of payment increases, so does our need for security. CVCs seek to add to this security, making it much harder for a card’s complete information to be stolen.