CVV: What it is, how it works, CVV1 & CVV2
Credit card security has undoubtedly become one of the technological challenge in recent years. This is because of the increase in counterfeit credit cards, or, through the data theft through the cards.
There are several ways of protecting credit cards and one of the most traditional is the so-called security code also commonly known as CVV.
This traditional card security system is used at many places, most commonly for online shopping/bill payments, etc.
This article explains in detail about CVV.
What is CVV
The literal translation of CVV is Card Verification Value. As the name suggests, it is a value (numerical) used for card verification and identification.
This value is a small number (usually three digits) that not only appears on credit cards but can also appear on debit and prepaid cards.
The purpose of this code is to increase security of electronic transactions. This number is usually three or four digit found inside a framed box either on the back at the right end of the signature field.
There are different names for CVV such as:
- CVD (Card Verification Data)
- CCV (Card Code Verification)
- CVN (Card Verification Number)
- CVC (Card Verification Code)
- CID (Card Identification Data or Card Identification Code)
- CSC (Card Security Code)
- CVVC (Card Verification Value Code)
CVC code on the Mastercard
Like the CVV code, the CVC code has three digits and is located on the right-hand side of the signature box on the back of the credit card.
CID code on the American Express Card
Unlike Visa and Mastercard, the CID code is printed on the front of the credit card – to the right of the credit card number. The CID code has four digits.
In any case, the most common will always be the CVV and is considered standard for majority of credit cards.
What is CVV for?
All these codes have the same purpose: to ensure security at the time of making payment. The codes are checked only when the buyer cannot show the card to the seller, for example when paying by credit card over the Internet or by telephone. In the case of a payment in the shop, it is sufficient for the buyer to verify himself by signature or with his personal PIN.
Stolen credit card numbers cannot be used for online shopping without the CVV or CVC number, because the purchase cannot be completed without this number, even if the credit card number is correct. The CVV code cannot be derived from the credit card number and is only known if the card is actually physically present.
It is important to be clear that this code cancels any transaction if it is not provided. It makes no difference to know all other data on the card such as personal identification number or expiration date. If you do not provide the CVV code, the transaction cannot be carried out.
Logically, this is an additional method of protection but not a full proof security method. Because these three/four digits are very easy to memorize, and therefore, anyone who physically accesses cards can take note of such data.
Types of CVV
There are two different types of card verification code that would be classified by a numeric key, i.e. CVV1 and CVV2.
Let’s take a look at the similarities and differences between the two:
In this case, the code is embedded inside the second track of the magnetic stripe of the card itself. It is used in transactions in which the card is used in person.
When the card is inserted in the PoS, the code is encrypted and sent to the card issuer who will return the authorization, when the code is valid. The main disadvantage of this method is that when a fraudulent copy of the magnetic strips is made, the code is also copied and remains valid.
This is the most common code we all know and different than CVV1 which automatically reads the number. In case of CVV2, the code is requested to the card user during online transactions or while making payment over telephone.
CVV and Online Shopping
Internet purchases are carried out by most of us frequently through credit card and it is required to enter the security code of the card, i.e. the CVV.
And why do they ask for this number at the time of transacting over the Internet? For security.
This is a preventive way to avoid fraudulent actions. In this way, if the card’s Security Code is not known, the transaction will not be approved.
The main risks of credit cards
Reviewing one of the most common security measures for credit cards makes it very interesting to also review the main risks associated with the card.
Risk of credit card forgery
This is probably one of the threat increasing every year. A huge percentage of these frauds (estimated to be more than 60%) involve the unauthorized counterfeiting or duplication of cards.
Unfortunately there are not only different models when it comes to counterfeiting cards, but also these are becoming more sophisticated, and usually has the same goal: to obtain information and data and duplicate the magnetic stripe of the card to turn the counterfeit into an operative card with real data intended to operate fraudulently.
Lost or stolen credit card
This risk, theoretically more controllable by the user, is usually at the root of the problems with the cards. It is important to bear in mind that a large part of card fraud actions are related to theft or losses in which the offender uses a user’s real card to carry out operations at ATMs or remote purchases.
Theft of credit card data
In the United States, for example, this fact is one of the most widespread and is even at the same level as the duplication of cards. What the criminal is looking for, basically through the Internet, is obtain information and then use it in an unauthorized way.
Unfortunately there are other really sophisticated methods to obtain this information over the internet.