Shopping online or via mobile offers important advantages for consumers and merchants alike:
However, there is a downside to card-not-present (CNP) transactions.
It becomes much harder for merchants to verify if the card account holder is the same person who is making the purchase. If a criminal knows a customer’s card number, name and billing address, he can initiate unauthorized and anonymous transactions.
To help prevent this type of credit card fraud, many merchants and processors now require that customers provide a card verification value (CVV) or card identification number (CID) during the checkout process. You may have also heard these terms before – CVV2, CV2, CCV – whichever acronym you’re most familiar with, the concept is the same in each case.
This value is the three-digit code located to the right of the signature strip on the back of most major credit and debit cards, or the four-digit code at the top right corner on the front of American Express cards. These CVV codes are considered “static” because they are imprinted on the credit or debit card and will not change unless the customer is issued a new card.
The CVV process is simple: The customer places an order with the merchant and is then requested to provide the CVV along with other standard information, such as name, billing address and credit card number. The merchant sends the code to the card issuer to authorize. The CVV is checked for validity against what the card issuer has on file and sends back an authorization or decline to the merchant.
Although this extra security requirement does help to reduce fraud, CVVs can be stolen along with the rest of the credit card information. This could happen when:
Now, there is a growing movement to use dynamic CVV codes that offer even greater protection against unauthorized purchases.
Instead of having a static three- or four-digit code on the back or front of the card, dynamic CVV technology creates a new code periodically. There are a couple of different types of this technology:
Dynamic CVV technology is still relatively new, and it’ll take some time for this technology to go mainstream in the payments industry. Still, this security measure shows a lot of promise — especially as online credit card fraud continues to increase nearly five years after U.S. adoption of the EMV standard for in-store purchases.
If you are a merchant and are interested in learning about fraud protection for your business, contact our team of payments experts today.