With stores increasingly moving online, more and more of us are shopping digitally for everything from groceries to technology. It’s become standard practice to buy items online, and most of us enter our name, address and details in seconds.
But in addition to your other information, most sites also ask for a card verification value (CVV2) .
Much in the same way that we accept but don’t really consider how credit card processing works , the majority of us will enter this on autopilot. We never give a second thought to why it’s needed or what it’s even used for.
What is a CVV2 number?
Your CVV is typically a three or four digit number on your card, that acts as an additional form of protection when making card not present transactions, e.g. paying online or by phone.
For these payments, providing a CVV2 reassures both businesses and customers. Businesses are confident that they’re receiving a genuine payment, and card holders know only they can follow through with purchases.
It proves that you hold a physical version of your card, that your account is legitimate, and helps prevent it from being used should your details get hacked or stolen.
Though most commonly known as a CVV2, or Card Verification Value 2, some companies will also use interchangeable terms. It's also referred to as a CVV, CVC2 (Card Validation Code 2), and a CID (Card Identification Number).
Where do I find it?
Depending on the type of card, your CVV2 may be located in different places, and even go by different names.
The standard placement for most cards, such as Visa or Mastercard , is on the back of the card and printed next to the signature box. However American Express display their four digit Card Identification Number on the front. You can find it on the right hand side of the card above your account number.
What is the point of a CVV2 number?
Different payment methods have different standards of security, but with almost any type of payment you make, some form of verification is required to ensure that it’s really you making the purchase.
When you pay in person using chip and pin , the payment is reasonably secure. You are holding the card and entering a pin only you are aware of in order to confirm the purchase. Even payments made with contactless payment apps like Google Pay or Apple Pay are verified through unlocking your phone or device.
However, making payments online works a little differently. When merchants use online payment systems to take credit card or debit card transactions, they're legally allowed to store your card information, should you give the site permission.
If you repeatedly order from a site, it can be beneficial to have them hold your details. This saves hassle, keeping you from re-entering them every time you want to buy something. Unfortunately, with this convenience comes the possibility that if the site’s server is hacked, your details could be too.
This is where the security of a CVV2 comes in. As PCI compliance and data security standards prevent merchants from holding CVV2 numbers, your stolen details will only be usable for purchases that don’t require a CVV2.
Is it completely secure?
Unfortunately CVVs aren’t a total fail-safe, as though most transactions require a CVV2 at the payment gateway, there are exceptions.
Not every online merchant will ask for a CVV2 number to process the transaction, putting you at greater risk. Hackers can use your account for certain purchases if your details are stolen.
The best way to keep your information secure is to always avoid giving details to sites you’re wary of. Only store card information with merchants you’re confident are legitimate, and your details are more likely to stay secure.
