What is up with the CVV2 Code?

The Card Security Code is located on the back of MasterCard, Visa and Discover credit or debit cards and is typically a separate group of 3 digits to the right of the signature strip.

Many merchants believe that adding a cardholder’s three or four digit CVV2 code for a “card not present” (CNP) transaction will help qualify the transaction for a lower discount rate. However that is not the case; the CVV2 code is only valuable to protect against credit card fraud and has nothing to do with rate qualification.

CVV2 stands for Card Verification Value and was introduced by MasterCard in 1997 and Visa in 2001. For ‘swiped’ transactions, the value is referred to as CVV1. Each of the card brands has its own acronym:

Visa: CVV2 - Card Verification Value
MasterCard: CVC2 - Card Validation Code
American Express: CID – Unique Card Code (and 4 digits)
Discover: CID – Card Identification Number

Merchants are able to configure payment processing systems, like payment gateways and Point of Sale software, to accept or decline transaction requests based upon the match or mismatch of CVV2 information. For example, if a merchant creates a rule to decline all transactions where the CVV2 value does not match, the authorization request could be successful with the issuing bank, but the transaction will be denied by the merchant. Even though the transaction was denied by the merchant, the consumer’s card will still be authorized.

One thing to know about this code is that PCI DSS compliance prohibits merchants from storing the CVV2 code. For recurring billing, merchants can accept and validate the CVV2 value during the initial authorization but cannot store it for additional transactions. This should not be problem since after the initial validation, there really is no value in storing this code.

Like this post? Then subscribe by RSS | Email