For making online purchases, most websites require customers to input the CVV code located on the back of their debit or credit card as an extra security measure after typing in the 15- or 16-digit credit card number. This is something that you as a merchant should require for online store transactions because it can help you prevent fraudulent purchases by verifying the identity of the customer. Let’s take a closer look at the CVV and how it can assist you as a merchant.
Image via Flickr by frankieleon
CVV is an acronym for “Card Verification Value.”
There are two different CVVs — CVV1 and CVV2. CVV1 is embedded into the magnetic strip on credit and debit cards. It’s not visible, but it’s the way merchants verify a card during a card-present transaction. CVV2 is the three-digit code on the back of a Visa or MasterCard (four-digit on the front of an American Express card). CVV2 is the one most consumers know about and are familiar with using during an online checkout process. CVV2 is important to online merchants because it helps verify the identity of customers and cuts down on stolen credit card number fraud.
At first glance, it’s hard to see how CVV codes add any extra protection for the merchant. After all, if someone steals a credit card, they have access to both the credit card number and the CVV code because both are located on the credit card itself. However, the way that a CVV code protects the merchant has to do with the way credit card information is stored in online store databases.
Businesses commonly store customer credit card information. This is a way to make checkout faster for returning customers because they don’t have to input the credit card information again when they make subsequent purchases. Storing this credit card information is perfectly legal. The problem is that business databases can be hacked, which can lead to compromised customer credit card information. This has happened to thousands of businesses, including large chain retailers like Home Depot and Target.
To protect both the customer and the merchant, online stores are not allowed to store CVV numbers. This is prohibited by the Payment Card Industry Data Security Standard. This way, even if customer credit card information is stolen, hackers cannot use the information quickly because they don’t have access to the CVV codes.
This may make you wonder why some online stores do not ask for the CVV code for each transaction. The reason is that customers had to input their CVV code when creating an account or adding a new credit card. They verify their identity each time they log on to the site, so there’s no reason to check their identity a second time with a CVV code. This is convenient for customers because it eliminates an extra step at checkout.
Most retailers require customers to input the CVV during initial card-not-present transactions, but you do not have to enable CVV verification on your website. Some merchants feel that the extra step is annoying to customers. However, most payment gateways and merchant service providers, especially high-risk merchant account providers, require the CVV, so you should check your merchant account terms before disabling CVV verification and make sure that you have another way of verifying your customers’ identities, such as through an online store account.
The biggest reason why you should use CVV verification is to protect your business from fraud. If a customer inputs an incorrect CVV code, you can reject the transaction. However, in most cases, the sale will still go through and simply be flagged as a non-match. This allows you to investigate whether a purchase is fraudulent. Your merchant service provider typically charges higher fees for flagged transactions. Since fraud is a major concern for high-risk merchant accounts, their providers may require CVV verification.
CVV codes are meant to protect your business from fraud and customers from identity theft. CVV codes do not reduce your credit card processing fees, but you save money in the long run because fewer fraudulent purchases are made. Customers should still watch out for phishing scams, but CVVs make these more challenging. Merchants can help customers feel secure by setting up payment gateways and merchant service accounts with CVV verification.