What you didn't know about your card's CVV
There is more to the CVV code than meets the eye. We dare to assume that most cardholders are aware of the security functionality of the much-talked-about 3 (sometimes 4)-digit code. But beyond addressing the obvious security functionalities of this code, we want to highlight other aspects that are of utmost importance.
For instance, did you know that this little code inspired the development of an advanced technology called 'Dynamic CVV'? (Which we'll definitely address further in the text.)
In this article, we’ll go over the following topics surrounding the CVV code:
Basic concepts
Different names and types
Exceptions of the CVV code on German debit cards
Dynamic CVV
Tips for card data protection
What does CVV stand for?
The CVV code, also known as CVV2, stands for Card Verification Value.
This is a basic security measure financial institutions use to help card holders confirm transactions online or by phone.
(Although we predict that the latter will be soon in disuse as more and more people are turning to digital alternatives to make purchases.)
What do we mean by ‘basic security measure’?
With this code, businesses have some type of assurance that the person making the transaction is the real user.
Yet, it is necessary to keep it confidential because it could lead to identity theft and other types of fraud.
Code Naming Variants
Each financial institution gives the code a different name.
Here are some examples:
Card Verification Value (CVV) - Visa
Card Variation Code (CVC) - Mastercard
Card Identification Number (CID) - American Express (4 digit- code, placed at the front)
Card Security Code (CSC) - some debit cards (not in Germany)
Types of CVV codes
What credit card has a 3 digit CVV code?
As mentioned above, Mastercard and Visa share the 3-digit CVV code, and in both cases it is located on the back of the card.
So far so clear.
Now, we will mention the two types of CVV code variants and what each entails.
CVV1 vs. CVV2: How do these CVV codes work
The CVV1 or CVV Type 1 corresponds to the last four digits of the main numbering on the front of the card. This is used for transactions where the card is physically present.
This code is encrypted in the second track of the credit card's magnetic stripe, and the value of the code is obtained at the moment the card is swiped in the POS (Point of Sale) machine.
This information is sent to the bank, which in a matter of seconds authorizes the purchase.
Is there a higher risk of fraud with CVV1?
In short, yes.
If someone were to duplicate the card's magnetic stripe, the CVV1 will continue to be active, allowing unauthorized purchases by bad actors.
CVV2, or CVV Type 2, is simply a fancier name for CVV.
This code helps you complete transactions where your card is not physically present.
In other words, it allows you to validate Internet or telephone purchases.
Back in the day, giving out this security number was the bread and butter of airline ticket purchases, hotel reservations, or when buying infomercial products.
Nowadays, you most likely have to use it when buying products on eCommerce platforms, or when signing up for software subscriptions and streaming platforms.
IMPORTANT: Please note that this code will not always be requested. It will depend on various aspects such as the type of business and the law that regulates the financial transactions of the country.
Where can I find the CVV on a girocard?
In Germany, girocards, unlike credit cards, do not have a CVV.
A girocard (formerly known as EC-Karte) is equivalent to what is known in many countries as a debit card. It can be issued by Visa, JCB (Japan Credit Bureau), or Maestro (Mastercard).
Although the design and format of each girocard changes from one bank to another, this is the information you will come across:
Front
Card Holder Name
IBAN (International Bank Account Number)
Card expiration date
Chip
Logo of the financial institution (Visa or Mastercard)
Back
Your bank's emergency phone number
BIC (Bank Identifier Code) - known as SWIFT code in other countries
Signature field
Logos of girocard and the institution that allows you to make payments with the card’s chip
Magnetic stripe
POS Terminal regulation for German girocards
Although in Germany girocards do not have a CVV code, the German Banking Industry Committee (GBIC) introduced a set of requirements and rules for POS terminals and girocards that came into force at the beginning of 2022.
These rules are designed to make in-store payments secure and convenient for users.
Here is a summary of some the most important take-aways:
As of 01.01.2022, it is the responsibility of merchants to offer terminals with the DC POS 3.0/TA 7.2 software upgrade.
Terminals that do not comply with software that facilitates contactless payments cannot be used after 01.01.2025.
Mastercard released a statement informing that, as of September 30, 2022, terminals that do not comply with TA 7.2 will be charged an additional fee per transaction every time the user is required to enter a PIN for contactless payments.
To learn more, click here.
The Dynamic CVV
Many local banks are gradually transitioning to online banking.
This allows them to offer virtual cards in addition to the traditional physical cards. These can be managed through their app.
The beauty of these virtual cards is that customers get to use them immediately, without having to wait for the physical cards to arrive by mail.
Some banks also offer dynamic CVVs or PIN numbers as an additional benefit when using virtual cards.
This technology allows these security codes to change randomly each time an online purchase is made, camouflaging the information printed on the physical cards.
How to protect your CVV code from scammers
Unfortunately, the CVV code (CVV2) cannot prevent all forms of identity theft and fraud.
However, there are other strategies that can help you protect your sensitive credit card information from slick scammers.
Here are some examples:
1. Do not allow strangers to have access to your card.
While this may seem obvious, there have been cases in which users have allowed "bona fide" strangers to help them make ATM transactions.
Preferably, go to bank branches whenever you know there will be authorized personnel to assist you in case you face a problem.
2. Never respond to text messages asking you to submit sensitive data.
Your bank will NEVER ask you to make transaction confirmations or accept loan offers through an SMS message by inserting your card details.
Block the phone number, and always be sure to call your bank to confirm that the text message was sent by them.
3. Delete photos that show your card information.
Scammers have become more and more cunning. And now, they no longer need the CVV code to commit their crimes.
Be aware of this, and delete photos from your phone that contain confidential information.
4. Make payments only on websites protected by TLS or SSL technologies.
TLS (Transport Layer Security) - a more updated version of SSL (Secure Sockets Layer) - uses encrypted digital certificates. With these certificates, the information shared between two parties online remains secure.
This prevents hackers and scammers from stealing sensitive and valuable information such as a CVV code.
5. Opt to pay with your virtual cards online whenever possible.
Virtual cards also offer the option to use random card numbers and CVV for different transactions.
These only serve to camouflage the information printed on your physical cards and ensure greater security when paying online.
We hope you find these CVV security tips helpful.
If you want to know more about our best-in-class corporate card solution and how you can get the most out of your company's spend management, book a demo now.