Card Security Code


Card Security Code

The Card Security Code (CSC), sometimes called Card Verification Value (CVV), Card Verification Value Code (CVVC), Card Verification Code (CVC), or Verification Code (V-Code or V Code) is a security feature for credit or debit card transactions, giving increased protection against credit card fraud.

There are actually several types of security codes:
* The first code, called CVC1 or CVV1, is encoded on the magnetic stripe of the card and used for transactions in person.
* The second code, and the most cited, is CVV2 or CVC2. This CSC (also known as a CCID or Credit Card ID) is often asked for by merchants for them to secure "card not present" transactions occurring over the Internet, by mail, fax or over the phone. In many countries in Western Europe, due to increased attempts at card fraud, it is now mandatory to provide this code when the cardholder is not present in person.
* Contactless Card and Chip cards may supply their own codes generated electronically, such as iCVV or Dynamic CVV.

The CVC should not be confused with the standard card account number appearing in embossed or printed digits. (The standard card number undergoes a separate validation algorithm called the Luhn algorithm which serves to determine whether a given card's number is appropriate.)

The CVC should not be confused with PIN codes such as MasterCard SecureCode. These codes are not printed or embedded in the card but are entered at the time of transaction using a keypad.

Location of CVV2

The CVV2 is a 3- or 4-digit value printed on the card or signature strip, but not encoded on the magnetic stripe.

* MasterCard, Visa, Discover, and JCB credit and debit cards have a 3-digit code, called the "CVC2" (card validation code), "CVV2" (card verification value), and "CID" (card identification number), respectively. It is not embossed like the card number, and is always the final group of numbers printed on the back signature panel of the card. New North American MasterCard and Visa cards feature the "CVC2" in a separate panel to the right of the signature strip. [ [http://www.visa.ca/en/merchant/fraudprevention/cardfeatures.cfm Card Security Features and Acceptance, Merchant Resources | Visa.ca ] ] This has been done to prevent overwriting of the numbers by signing the card.

* American Express cards have a 4-digit code printed on the front side of the card above the number, referred to as the CID (or Unique Card Code). It is printed flat, not embossed like the card number.

The number is generated when the card is issued, by hashing the card number and expiration date under a key known only to the issuing bank. Supplying this code in a transaction is intended to verify that the customer has the card in their possession. Knowledge of the code proves that the customer has seen the card, or has seen a record made by somebody who saw the card. To date, no cracks for this system are known.

Security benefits of CVV2

Since the CVV2 is not contained on the magnetic stripe of the card, it is not typically included in the transaction when the card is used face to face at a merchant. However, some merchants in North America, such as Sears and Staples, have recently begun requiring the code. For American Express cards, this has been an invariable practice (for "card not present" transactions) in European Union (EU) states like Ireland and the United Kingdom since the start of 2005. This provides a level of protection to the bank/cardholder, in that a corrupt merchant cannot simply capture the magnetic stripe details of a card and use them later for "card not present" purchases over the phone, mail order or Internet. To do this, a merchant would also have to note the CVV2 visually and record it, which is more likely to arouse the cardholder's suspicion.

Online merchants who require the CVV2 in their transactions are forbidden in the USA by Visa from storing the CVV2 once the individual transaction is authorized and completed.http://usa.visa.com/download/merchants/rules_for_visa_merchants.pdf ] This way, if a database of transactions is compromised, the CVV2 is not included, and the stolen card numbers are less useful.

CVV2 limitations

* The use of the CVV2 cannot protect against phishing scams, where the cardholder is tricked into entering the CVV2 among other card details via a fraudulent website. The growth in phishing has reduced the real-world effectiveness of the CVV2 as an anti-fraud device. There is now also a scam where a phisher has already obtained the card account number (perhaps by hacking a merchant database or from a poorly designed receipt) and gives this information "to" the victims (lulling them into a false sense of security) before asking for the CVV2 (which is all that the phisher needs). [http://www.snopes.com/crime/warnings/creditcard.asp Urban Legends Reference Pages: Visa Fraud Investigation Scam ] ]
* Since the CVV2 may not be stored by the merchant for any length of time (after the original transaction in which the CVV2 was quoted and then authorized and completed), a merchant who needs to regularly bill a card for a regular subscription would not be able to provide the code after the initial transaction.
* Some card issuers do not yet use the CVV2 - although MasterCard started in 1997 and Visa in the USA had them issued by 2001. This means the use of CVV2 codes must remain optional (for merchants); however, transactions without CVV2 are likely to be subjected to more stringent fraud screening, and fraudulent transactions without CVV2 are more likely to be resolved in favour of the cardholder. As of 2008, most mainstream online merchants refuse to complete a transaction without CVV2, so a user who doesn't have CVV2, can't buy their services.Fact|date=March 2008

ee also

* Credit card fraud
* ISO 8583 (Data element #44 carries the Security Code response)

References


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Card security code — The Card security code is located on the back of MasterCard, Visa and Discover credit or debit cards and is typically a separate group of 3 digits to the right of the signature strip …   Wikipedia

  • Card Validation Code — Der Card Validation Code (CVC) (auch Card Verification Value (CVV), Card Security Code (CSC) oder Kartenprüfnummer (KPN)) ist ein Sicherheitsmerkmal auf Kreditkarten. Die Prüfnummer soll die Nutzung von gefälschten oder gestohlenen… …   Deutsch Wikipedia

  • Message security code —   An ISO term. A verification between a card acceptor and a card issuer to indicate that a message is authorised to update or modify a special file. 64b …   International financial encyclopaedia

  • Card not present transaction — A card not present transaction (CNP) is a credit card purchase made over the telephone or over the Internet where the physical card has not been swiped into a reader. It is a major route for credit card fraud. If a fraudulent transaction is… …   Wikipedia

  • code — [kəʊd ǁ koʊd] noun 1. [countable] LAW a complete set of written rules or laws: • Each state in the US has a different criminal and civil code. ˈbuilding code [countable] LAW a set of rules that states what features a new building, bridge etc… …   Financial and business terms

  • Security guard — Private factory guard Occupation Activity sectors Security Description A security guard (or security officer) is a person who is paid to protect pro …   Wikipedia

  • Card sharing — is a method by which independent receivers obtain simultaneous access to a pay television network, using one legitimate conditional access subscription card. Typically, the legitimate card is attached to a personal computer or Dreambox which is… …   Wikipedia

  • Code 10 — calls are made when merchants are suspicious about accepting a credit card. The phrase Code 10 authorization is used to avoid alerting the customer to the fact that the merchant is suspicious of their card. The operator then asks the merchant a… …   Wikipedia

  • Security and safety features new to Windows Vista — There are a number of security and safety features new to Windows Vista, most of which are not available in any prior Microsoft Windows operating system release.Beginning in early 2002 with Microsoft s announcement of their Trustworthy Computing… …   Wikipedia

  • Card reader — A card reader is a data input device that reads data from a card shaped storage medium. Historically, paper or cardboard punched cards were used throughout the first several decades of the computer industry to store information and write programs …   Wikipedia


We are using cookies for the best presentation of our site. Continuing to use this site, you agree with this.