What Is a CVV on a Credit Card and How Does it Work?

The card verification value (CVV) is one of several security features that helps reduce fraudulent credit card transactions. Its primary purpose is to verify that a person making an online or over-the-phone purchase with a credit card has physical possession of that card.

In this article, we’ll cover why CVVs are essential and how they work so you can better understand how they strengthen your defences against credit card fraud.

What Is a CVV on a Credit Card?

The CVV is a three or four-digit number found on your credit or debit card, separate from the card number itself. It acts as an additional security layer during transactions. You’ll find this code on the back of MasterCard and Visa cards and the front of American Express cards. This code is crucial in online and over-the-phone transactions where the physical card is absent.

Image: Graphic showing the typical location of a CVV code on a credit card. (Source)

Why Do Credit Cards Have a CVV Code?

The CVV code provides an extra level of security for both businesses and customers. It’s primarily used in “card not present” transactions, such as online purchases or telephone orders.

The CVV proves that the person making the transaction has physical possession of the card because merchants are prohibited from storing CVV codes.

Asking for the CVV code adds a hurdle for potential fraudsters who have stolen card number data but don’t have the physical card.

The CVV code also helps you mitigate the risk of card chargebacks. These occur when a customer disputes a transaction and requests a refund from their credit card issuer. By requiring the CVV code, you can demonstrate that the customer had the card physically at the time of the transaction, making it harder for customers to falsely claim unauthorised or fraudulent activity.

How Does a CVV Work?

When a customer enters their CVV during checkout, it’s sent to the card issuer for verification. The issuer compares the CVV with the stored value to confirm its accuracy, allowing the transaction to proceed securely.

Let’s look at an example of how a CVV is used in a typical online transaction.

1. A customer decides to make a purchase from your online store, selecting their desired products and proceeding to the checkout page.
2. At checkout, they’re required to input several pieces of information, including the credit card number, expiration date, and CVV.
3. Upon entering these details, the customer submits the payment form, triggering a series of communications initiated by your payment gateway.
4. The payment gateway, which facilitates the secure transfer of payment information, sends the transaction details, including the CVV, to your merchant account.
5. Your merchant account, which serves primarily as a repository for funds, forwards these transaction details to the card issuer (e.g., Visa or MasterCard).
6. The card issuer checks the provided CVV against their records. If it matches, it deems the transaction legitimate.
7. If the CVV doesn’t match, the transaction is declined as a potential fraud risk.

This verification process happens within seconds, providing a seamless shopping experience for the customer. Still, robust checks are performed in those few seconds, significantly reducing the likelihood of fraudulent transactions slipping through the net.

Remember that a declined transaction due to a mismatched CVV can sometimes be a simple user error. So, it’s a good idea to offer customers the opportunity to re-enter their details before cancelling the transaction outright. This can be set up with your payment gateway.