The Card Security Code, also known as the Card Verification Value (CVV), Card Verification Code (CVC), or Card Verification Number (CVN), is a three- or four-digit code printed on payment and credit cards. It is an additional security feature used to verify the legitimacy of a card during card-not-present (CNP) transactions.
Key aspects of the Card Security Code in the context of payment and credit cards, as well as its relation to the Payment Card Industry Data Security Standard (PCI DSS), include:
1. Purpose: The Card Security Code is intended to provide an extra layer of verification and help authenticate the card during CNP transactions, where the physical card is not present. It helps reduce the risk of fraudulent transactions by confirming that the person making the transaction has access to the physical card or the card's details.
2. Location: The Card Security Code is typically found on the back of a payment or credit card, although some card brands may place it on the front. For Visa, Mastercard, and Discover cards, it is a three-digit code printed in the signature panel, following the card's account number. For American Express cards, it is a four-digit code located on the front, above the card number.
3. Data Protection: The PCI DSS requires organizations handling cardholder data to implement measures to protect the Card Security Code. Merchants and service providers must adhere to strict security controls to prevent unauthorized access or storage of the code. Storing the Card Security Code after authorization is generally prohibited by the PCI DSS.
4. Authentication: During a CNP transaction, the merchant typically requests the Card Security Code from the cardholder. The cardholder provides the code, which is then transmitted to the payment processor or acquiring bank for verification. The code is compared with the value on file to authenticate the transaction.
5. Anti-Fraud Measures: The Card Security Code is an important tool in combating fraudulent activities in CNP transactions. Its purpose is to ensure that the person initiating the transaction has physical possession of the card and has access to the additional security code.
6. One-time Use: The Card Security Code is different from the card's magnetic stripe or chip data and is not stored on the card's magnetic stripe or chip. It is intended for one-time use during a specific transaction and is not used for subsequent transactions or card validations.
By requiring the Card Security Code during CNP transactions, merchants and payment processors can enhance the security of online and other card-not-present transactions. This additional code helps verify the authenticity of the card, reducing the risk of fraudulent transactions and protecting both the cardholder and the merchant from potential losses.