Getting to the bottom of that mysterious three- or four-digit number on your credit card
May 20, 2021
If you take a closer look at your credit card, you’ll notice a three- or four-digit number on the back or front of the card set apart from the rest of the numbers on the card. With a Visa®, Mastercard®, or Discover® card, the number is three digits long and on the back of the card. With an American Express® Card, the number is four digits long and resides on the front of the card.
This number is the card’s CVV, which stands for Card Verification Value. It can also be known as a CVV2 (Card Verification Value 2), CSC (Card Security Code), CID (Card Identification Number), or CVC (Card Validation Code). Or, if you’re ever asked for it by a merchant, they may simply refer to it as the card’s security code.
No matter what you call it, that number is there as an added layer of security and protection against fraud or unauthorized use.
Protects Card-Not-Present Transactions Only
Most credit cards today have an EMV chip, which helps protect your sensitive information from being stolen and used for fraudulent purchases by creating a unique, one-time-use code for every transaction you make with it. But an EMV chip only protects you on purchases made with the credit card present, as in you, or the merchant, inserts (or taps or waves, if it’s contactless) your credit card into (or onto or near) a terminal to facilitate the generation of this unique transaction code.
But an EMV chip does nothing to protect you on charges made without physically running the credit card, say, for online or over-the-phone purchases. That’s where the card’s CVV comes into play.
Many online retailers require a credit card’s CVV to be entered in order to authorize a purchase. So, even if a fraudster or hacker manages to acquire your credit card information and attempts to make unauthorized online purchases, without that three- or four-digit code, they shouldn’t be able to complete the transaction. The same holds true for phone orders. If a merchant asks for the CVV, and the fraudster doesn’t know it, the purchase should not be authorized.
In theory, anyway. The problem is that not all online merchants ask for a CVV. Nor do all merchants that accept phone orders. That’s because they’re not required to do so. So, a CVV is not a foolproof measure for preventing fraudulent charges. It’s simply an added layer of protection.
CVV Is Not the Same as a PIN
If you’re wondering if the CVV is the same as your credit card’s PIN (Personal Identification Number), as the subhead clearly states, the answer is no. So, please don’t enter your PIN in a CVV field when attempting to make an online purchase, because your purchase will almost certainly be denied.
The CVV is unique to your specific credit or debit card. (Yes, debit cards have them, too.) Not unique in that your card will be the only credit or debit card in the world with that CVV. There are only so many possible three- or four-digit combinations using the numerals zero through nine. But the CVV on your credit card is unique in that, should your card be stolen or lost and you replace it, or your card expires and you’re issued a new one, the new card you’re issued will not have the same CVV as the stolen, lost, or expired one it replaces.
Using a CVV
Putting a CVV into action is really just a matter of typing it into the appropriate field or relaying it to a merchant on the other end of the phone. You should really only ever need it for card-not-present transactions.
For purchases made with the credit card present, where the card is swiped/inserted/tapped/waved, entering your CVV shouldn’t be necessary. These are the types of transactions where a PIN may be required to complete the transaction, however.
CVVs Are Not Stored by Merchants
Online merchants are allowed to store some of your credit card information—name on the card, card number, and expiration date—if you authorize them to do so. But they’re not allowed to store your CVV. So, should a merchant’s database be breached by a hacker, the hacker shouldn’t be able to acquire your stored credit card’s CVV. This may seem like little consolation after your sensitive information has been compromised, but at least it makes it more difficult for thieves to make online purchases with your stolen credit card information.
It’s worth mentioning that some merchants that store your credit card information may only require you to enter your CVV the first time you make a purchase and not thereafter. So, should your credit card information be stolen by a hacker, they may be able to make purchases at these merchants without your CVV. Should a thief actually steal your physical credit card, they’ll obviously have everything they need, including the CVV, to make fraudulent purchases both instore and online.
It bears repeating: A CVV is an added layer of protection against fraud, not foolproof protection.
Protecting Your Information
Given that possessing your credit card number, expiration date, and CVV opens up a whole world of potential fraudulent purchases for a thief, you’re going to want to take precautions to protect this information. Most of these precautions are advice you’ve likely heard before, including but not limited to taking steps for safer online transactions like using secure passwords; avoiding public WiFi; using a VPN whenever possible; and only doing business with secure, trusted websites.
A little scrutiny and common sense could go a long way toward keeping your credit card’s sensitive information—including your CVV—safer.
Haven’t used a CVV yet? See if you Pre-Qualify for a Credit One Bank credit card guaranteed to have a CVV. It takes less than a minute and won’t harm your credit score.
After realizing he couldn’t pay back his outrageous film school student loans with rejection notices from Hollywood studios, Sean focused his screenwriting skills on scripting corporate videos. Videos led to marketing communications, which led to articles and, before he knew it, Sean was making a living as a writer. He continues to do so today by leveraging his expertise in credit, financial planning, wealth-building, and living your best life for Credit One Bank.
Goodbye traditional credit cards, hello chip cards! By now, your credit card provider has most likely sent you a new card emblazoned with a metal chip on the front. Credit cards with EMV (Europay, MasterCard®, and Visa®) chips have been used in Europe and Canada for years and are becoming a global standard. However, the new technology has left many Americans confused when it comes to the transaction process.
You swipe the magnetic stripe—or hopefully by now insert the EMV chip—of your card into the credit card terminal on the counter, wait a few seconds, politely decline a printed receipt from the friendly barista working the register, and walk out the door with your latte in hand. You don’t give what just took place a second thought until you receive your credit card statement showing a $6 charge for that caffeinated morning pick-me-up almost a month later.