What is a CVV?

The card verification value (CVV), is a three- or four-digit code on the back of a debit or credit card. It is sometimes referred to as a CID, or card identification number. This unique code is used to verify that a shopper has physical access to the card they’re using to pay for goods or services. Other qualities of a card can be stolen or copied through methods like using a card skimmer, but the CVV won’t be recorded through those methods, making the CVV a useful and important authenticator in online card transactions.

card verification value

Why do merchants ask for a CVV?

When paying online or via phone, merchants request the CVV to check whether it matches the information from the issuing bank. Banks and credit card companies use advanced algorithms that are impossible to spoof to generate CVVs. They are based on information like the account number or expiration date of the card.

Asking for the CVV during checkout protects merchants and consumers from card-not-present fraud. This fraud is on the rise. In fact, payment fraud involving credit cards amounts to $100 billion in losses each year globally.

How to protect your card verification value

Preventing your CVV from falling into the wrong hands protects you from criminals making unauthorized transactions with your card.

Even though data breaches are a major concern, the risk of hackers stealing CVV numbers during breaches is very low since PCI standards specify that merchants shouldn’t store CVVs once a transaction is completed.

Merchants can even process recurring payments without a CVV once they obtain the proper authorization from the user to avoid storing this sensitive information.

Nonetheless, consumers should be aware of a few things in order to protect their card verification value and other information:

  • Phishing is a common way of stealing payment credentials. With three billion phishing emails sent daily, it pays to be wary of any email requests to share payment details.
  • Phishing isn’t limited to emails. Some scammers use sophisticated social engineering schemes that involve calling victims to trick them into sharing sensitive payment information. Don’t do it. Credit card companies won’t ask for this information over the phone.
  • Malware such as keyloggers can spy on a user and record everything they type online, including credit card numbers, before sending this information back to a hacker.

Protect Your Business with Fraud.net

As a business owner, you can protect your organization from phishing with an email shield.

Fraud.net’s Email AI solution can analyze multiple data points to spot malicious emails and alert users that a message could contain malware or come from a criminal phishing for payment credentials.

Contact us today for a free demo and product recommendations.