CVV is an acronym for “card verification value.” The CVV is a security code that’s stamped somewhere on your credit card and/or debit card. It’s designed to prevent fraud. A CVV is also referred to as a CSC number for “card security code.” A CVV is not your card’s personal identification number or PIN, which is a special, usually 4-digit code you create to use your credit or debit card at an automated teller machine or ATM.
Most of the time, CVV codes are three numbers or digits and are stamped on the back of your credit card. Some credit card companies do things a little differently. American Express, for example, issues a 4-digit CVV code that’s on the front of the card in small print just above the primary card number.
No credit card comes without a CVV code. The codes are primarily used for “card not present transactions,” such as online shopping or shopping on the phone when the actual card isn’t seen by the merchant or scanned in a reader. By having you enter—or speak—the 3 or 4-digit CVV code, a merchant can verify that you have the card in hand instead of just a credit card number that’s been stolen.
That matters because Credit card and identity fraud are serious problems. The 2016 Global Customer Fraud: Where Card Fraud is Coming From a study conducted by Aite Group for ACI Worldwide found that nearly one-third of credit card users were victims of card fraud over a five-year period. In addition, 17% of people surveyed were victimized more than once.
One way to stop fraudulent transactions is the CVV.
There are really two main different CVV numbers, but multiple acronyms to describe them. Other acronyms to describe CVVs include card verification code or CVC, credit card code verification or CCVC, card code verification or CCV, and CCID or card identification number and CCID or credit card identification number.
The key difference is whether the number is followed by no number or a 2 or a 1. When followed by no number or a 2, the number is physically stamped on the card. When followed by a 1, it’s coded in the magnetic strip.
- CVV—aka CVV2—and CVC2 or CCID are used to describe the number stamped on your physical card. Visa uses CVV2 to describe its CVV.
- CVV1 and CVC1 are coded in the magnetic strip on your card.
Regardless of the acronym, CVVs or CVV2s protect you—the cardholder—and the merchant from fraudulent online or phone purchases.
How Does the CVV Help Prevent Fraud?
When a hacker or identity thief gets access to your credit card information, the data they get is often limited to your primary 16-digit credit card number and your card’s expiration date. PCI standards prohibit retailers from storing your CVV. So even if a hacker gets access to your credit card data through a merchant, he or she won’t have your CVV and so can’t make purchases with your card number.
Without the CVV, a thief can’t make an online purchase or a phone purchase at a merchant that requires a CVV be provided. And most do.
CVV codes don’t though protect you against all forms of fraud. For example, if your card is stored on a merchant’s site that’s hacked or your credit card issuer falls victim to a data breach, the hacker or malicious party responsible for the breach might get access to all your credit card data, including your CVV.
Nonetheless, your CVV code does protect you and a merchant—just not 100%. Still, some protection is better than no protection.
How Chip Technology Adds to CVV Protections
All major credit card issuers today issues cards with chips or EMV technology. Chip credit cards use CVV2. One of the special things about chip technology is that the chips generate a unique CVV code with each transaction that involves the card present and actually scanned. The older magnetic strip technology had the same static information coded in the strip. The chip on the other hand dynamically changes the CVV information with each use.
And the dynamic CVVs are different from the one printed on the back of your card. The CVV is in play all the time, but it’s consistently different for online purchases or purchases involving card readers.
How CVV and Credit Card Security Continue to Evolve
The credit card industry is continually working to find new and innovative ways to ensure that hackers can’t take advantage of credit card holders. One company working on the issue is Idemia, formerly Oberthur Technologies, a digital payment and security startup based in France. Idemia is working on new credit card protection methods, including a dynamic security code that replaces your CVV code every hour.
The company boasts a new technology dubbed “Motion Code.” Instead of having a card with the CVV code printed on it, you’re issued a digital CVV that changes every 30 to 60 minutes. A new code each hour limits the timeframe hackers have to use your credit card even when the hacker has your physical card in hand.
Ways to Protect Yourself from Fraud in Addition to Your CVV
There’s no fool-proof way to ensure your credit card information never falls into the wrong hands. But there are a few simple ways to help including:
- Avoid shopping online at merchants that don’t ask for your CVV number.
- Read and understand the security practices of any merchant you do business with.
- Avoid storing your credit card at any online merchant or a merchant you do business with over the phone or us a single service, such as PayPal for all online transactions.
- Ensure your credit card issuer offers fraud protection.
- Check your credit card statements regularly. If you see any suspicious purchases, call your card issuer immediately.
- Check and keep track of your credit score. You can get your free Experian credit score on Credit.com. Sudden changes in your score can let you know you’ve been a victim of fraud or identity theft.