very interesting question.

problem is that many many people do NOT understand what CVV2 code is.

we had a similar problem, and then made dure next to the field there was text link which said "What is CVV2" this led to a pop up with both MC/Visa, and Amex screenshots with text about how to find it.

problem was solved.

I think there is avery very small % of cards that do NOT have CVV2

Shak

Thanks for your reply Shak.

I'm sure that is not a problem here. I am using the WorldPay's standard payment page which has a good pop up help page.

I can't tell whether the lower conversion is due to asking for CVV2 or due to seasonal fluctuations.

Anyone else have experience with CVV2/security code?

Thanks

We've required CVV since day one, and our customers are mostly "little old ladies" who don't know much about the internet - no problems whatsoever, aside from the customer's inability to clearly read the code on cards that have been used a lot... But maybe that goes back to them being "little old ladies" who can't see too well... ;-)

Make sure that you explain that asking for their CVV code is for their protection and that you're making sure a thief who stole a credit card number can't use that number unless he has the card as well.

CVV does not seem as useful as a deterent to fraud. If every merchant asks for it and their credit card database is hacked then that CVV information I assume is also available along with the credit card numbers. For domestic purchases, it seems like a waste of time to me.

Does entering the CVV reduce the credit card processing rate you are charged by your merchant processor?

Sun,

You are exactly right...it is a waste of time and money. There was just recently a fraud case in which a waitress was photographing cc #'s along with the CVV with her cell phone camera. They estimated she racked up around $100,000 worth of solen merchandise along with a personal database of over 100 CC #'s with matching CVV's.

Its not even a deterant for fraud anymore its a bump in the road.

I don't think it helps much either. If somebody is stealing cc numbers they know to get that.

>Does entering the CVV reduce the credit card processing rate you are charged by your merchant processor?

Not for me.

From the latter posts, it sounds like I should not bother to ask for it.

I thank everyone for sharing your insights.

I believe it should give you better protection against charge backs.

As for the hacked databases: CVV numbers are not supposed to be stored. Ever. I hope the vendors that had that data stolen were hit with huge penalties.

[edit]What hacked databases? Sorry - jumping between different threads and I read something that wasn't there (again).[/edit]

[edit2]Ah - so there was mention of hacking databases (in Sun818's post). So the answer to that is that the CVV info should NOT be in the database.[/edit2]

yeah, the CVV number is supposed to prove that the person entering the card number actually has possesion of the card...eg, its not cloned.

a simple pop up with a little piccy explaining where on the card it is...how many digits and where amex has theirs really helps.

also if you put a line of text explaining how this makes internet shopping safer, users feel re-assured and more willing to purchase from you in future!

Tom.

> CVV info should NOT be in the database

Hi, that is good to know. I did not know this.

To me, the security requirements need to increase as the dollar value goes up and/or you are dealing with international destinations. For a $50.00 USD transaction, I will not require my buyers to enter CVV. But if the transaction is for $1,000.00 USD or more, I will want my buyers to go through the security requirements. CVV would be but one of many steps to provide proof of card ownership and authorization. Won't go into the other details because not everyone who reads this public forum is honest.

Basically you have no protection against a fraudulent chargeback when you collect CVV. That's the bottom line. I can understand where most are coming from in collecting that information. It's a minor way to try and deter criminals but it is no guarantee. If you recieve a chargeback you can't go and say....hey I collected the CVV. The bank will laugh at you. Your only hope is VbV, SecureCode and the 3d secure programs. It is the only way right now to stop fraudulent chargebacks. Its not perfect but its the closest the ecommerce world has ever seen.

Thanks for your replies everyone.

>Verified by Visa and SecureCode
Do credit card processors typically charge the merchant more for this? Is it expensive?

Its an additional charge typically based on your annual transaction volume. It functions independently from your Gateway and processor on your own server. We have a licensed access to the software and we only pay for what we use. We installed it...they run it, do the updates, monitor it, and keep it in the latest versions so we never have to worry about it.

Unlike your discount rate it isn't based on a percentage. One of the perks of the program is that Visa lowers your interchange rate immediately starting with your merchant bank. This means that if you have high average ticket price the lowered interchange rate will cancel out the per transcation fee...which is the case for our company. The programs are deliverded by certified vendor companies. Stick to the ones recommended by Visa and MasterCard. I can recommend you our vendor if you like.

Where does one get those "where is the CVV2" graphics?

A LOT of customers think the CVV number is the last
three digits of thier credit card number.

What we do is, if CVV check fails and customer entered value = last 3 digits of CC, then cleary tell the customer, It is NOT the last three digits of your credit card. It is the number at the BACK.

I just called my merchant account provider and found out that submitting or not submitting CVV makes no difference in the discount rate. I had previously been under the impression that it made a difference between the "qualified", "mid-qual" and "nonqual" discount rates for transactions, but I guess I was wrong.

So I'm re-thinking whether I need to continue to require CVV during checkout. I'm in a business where fraud is a non-issue and we do end up with a significant number of customers who screw up the CVV code when they enter it, requiring an additional round of e-mail or phone calls to get it corrected before we can process the order.

If it's causing me more work and not saving me any money, that I guess I don't really need it after all...

Glad this discussion came up!

PS - regarding the graphics, one could always search for CVV or CVVS at google or elsewhere and find a plethora of images suitable for using... ;-)

For what it's worth, one of the cards we accept charges us a hefty per-transaction fee for card-not-present transactions- but the fee is waived if CVV2 validation is performed.

Just to let you guys know what I found...

I have removed the requirement for CVV2 in our payment form. Now, it looks like sales have increased back to normal levels.

If real, the effect could not have been caused by confusion about what is the CVV2, because we have a pop up help with a good image of where this code is on the card.

Thanks to all for your comments.

Does entering the CVV reduce the credit card processing rate you are charged by your merchant processor?

If possible, I would ASK for CVV but not require it.

Discover has already started charging card not present merchanta an extra $0.50 on a transaction where CVV information is not supplied. Visa and Mastercard ARE following suit, either charging a higher discount rate OR an additional charge, for internet transactions without CVV.

We have a few e-com sites that deal with a variety of markets, and none of them have experienced any negative conversion rates with CVV2/Card Code validation requirements. Personally, I feel that most online consumers are used to this requirement by now.

With that said, we have noticed a major backlash when requiring Authorize.Net's Fraud Screen program. It has caused a tremendous loss in revenue. We assume many consumers have a different billing address, cardholder name, etc., and there in lies the problem.

Anyway, CVV2 should be a walk in the park by comparison. So long as you use all other available address verification system variables, plus any terms of your own (i.e. only shipping to the cardholder's billing address), you should be covered.

HTH,

CF