I use the CVV2 code to authenticate international orders, and then especially when the $$ amount is over $500. Our shopping cart does not collect CVV2, so I send an email and request it before processing. This has worked well so far.

"I came precariously close to losing a sale yesterday from a buyer who couldn't figure out what the code was and where it was located on the card"

you can improve this in the checkout by having images and closeups of the back of the card

CVV is a must in my opinion

I don't get this CVV2 business.

It's supposed to be a way to prove that you have the card in your possession; but that's a load of rubbish since any website into which you punch your CVV2 number can record it.

What's the deal?

it works though

we have prevented many potential frauds this year solely down to CVV

yes, their are pitfalls and ways round it, but it makes it just that little bit harder for the fraudster

Since merchants are forbidden by Visa/MC from storing CVV2 it is much less readily available to criminals (although not entirely, of course).

we have prevented many potential frauds this year solely down to CVV

Can you explain how? I don't understand how another 3 or 4 numbers makes any difference...!

well one way that a lot of frauds take place is from discarded credit card receipts.

these have the card number and the expiry date - all most fraudsters need.

if they dont have the credit card in their possesion and just a receipt like this then they cant fill in the CVV number and they cant order.

it does work - it is not foolproof - but it does help

You can improve this in the checkout by having images and closeups of the back of the card.

The best and only solution! Right after the text that reads enter CVV Code you have a link that reads What's This. That link opens up the page with that various CC providers (images of cards) and where the consumer can find their CVV Code.

Do a search in your favorite SE for "cvv code" and you'll find all the backup information you'll need on why this additional security feature is of benefit to your online store.

[edited by: pageoneresults at 8:10 pm (utc) on Nov. 7, 2003]

well one way that a lot of frauds take place is from discarded credit card receipts.

OK i'll buy that - what we're saying is that the CVV2 number is never printed out by EPOS machines etc.; preventing your average dumpster diver from buying online services and pretending to be you.

Thanks.

"The best and only solution! Right after the text that reads enter CVV Code you have a link that reads What's This. That link opens up the page with that various CC providers and where the consumer can find their CVV Code. "

thats how i learnt what CVV is, from someone elses site, so i then put it on mine

For those wondering what we are talking about...

CVV stands for Card Verification Value, sometimes also referred to as CVC (Card Verification Code), CVV-2 or CVC-2. The CVV code is an additional 3 or 4 digit security number that is printed (not embossed) on a credit card.

Thats how i learnt what CVV is, from someone elses site, so i then put it on mine.

Me too!

I request it on all orders but I require it on any order that is being shipped to an address other than the billing address.

It may intimidate a few people but the headaches it has saved me are worth 1 or 2 sales.

This time last year, without the CVV code, we were getting fraudulent orders. I then added it as a requirement in the shopping cart and fraud has been cut back bigtime. There is an explanation of the code, what it is and where to find it for the customers - people don't drop out now because of that.

It's good, I would advise any merchant to use it.

Here is another take on this issue:

I have very few instances of fraud, and most of my customers are in the US. Every time I have tested using the CVV2 value, orders plummeted to zero. My average ticket is low (less than $50USD) and I get less than 10 orders a day. It is far better for me to weed out suspicious orders manually than loose sales by having the very imperfect CVV2 value do it for me. My situation may be unique, but this is what works the best. My point? CVV2 can hurt more than it helps in some situations. In my case it's a business killer.

Just get used to logging on to your gateway before midnight and checking the transactions. Void the ones you know are bad. No fees and no lost sales.

I ask for it and do not require it. Most customers use it. Not all countries support it, and funny even some smaller US issuers (like teeny tine credit unions) aren't set up to use it with the real time processing. I don't remember the response code, but it's something like "issuer has not provided Visa/Mastercard with cvv encryption keys or something."

Too bad for them because if a US issuer does not support CVV2, then they lose all fraudulent chargebacks. AUTOMATICALLY. It's in the Visa chargeback management guide.

I used to have authorize.net automatically reject transactions where CVV2 did not match, but it was rejecting some very legitimate, high value transactions (not abnormally high, but high enough for me to care). Sometimes customers can't figure out the number and put anything in and sometimes, you just get the wrong response from the gateway even though the data is right (happens much more often with AVS).

This becomes the problem.....the ability for YOU to ask for it and make the decision.

I switched cc processors a few years back, and spent an insane amount of money, only to find out their system REQUIRED AN AVS MATCH or would reject the order, period - no choices, no workaround.

While this is great in theory, customers will do what they want during the checkout process. They're buying a $20 item, they know that THEY are honest, and will not follow instructions (correct shipping address, etc.).

At the time we were processing small ticket items, and didn't have a fraud problem. We did, however, have a problem in getting our customers to actually give us the right address, or getting the AVS system to actually work (as mentioned in a previous post - some credit unions, etc. are behind the times).

I processed 5 orders, and three I couldn't get approved for various AVS reasons. I made one phone call, gave up, went elsewhere and cut my losses.

I know this discussion started as CVV2 and not AVS, but the point is the same using any of this technology:

Moral of the story - as the merchant you NEED to have the right to make the final decision.

We batch process all our orders once, maybe twice per day. Before sending them to Authorize.net we give them quick look and phone any suspicious orders for their CVV number. We then manually enter these orders.

So far, we have only caught 1 fraud order using this method. Even then, the customer/thief had the CVV number, but following a hunch (and a tip from WW) my wife asked for the bank name on the card. The person kind of fumbled around for a bit and finally said there was no other name on the card besides Visa. Maybe... but we doubted it enough to not process the order.

cvv stopped working for us a while ago. It does not stand when contesting a chargeback. Most of our come back as matches but we are still not covered. VBV is more of a reliable prevention measure

what is VBV?

We're finding that more of our longtime commerce clients are needing to upgrade their cart/checkout process to include a way for customers to supply the CVV -- this is at the demand of their credit card processors who are now requiring it more and more.

(BTW, I think the VBV being referred to is "Verified by VISA"....)

It's supposed to be a way to prove that you have the card in your possession; but that's a load of rubbish since any website into which you punch your CVV2 number can record it.

My card company has sent me a new card every 6 months or so in the last couple of years. The card number is the same, the CVV changes every time.

Receipts do not print the CVV number is one thing, however some people run automated scripts on a payment processor until a transaction goes through. Because CVV does not stop a transaction going through, they may have a valid card number but the address details and CVV are still out of reach.

It is a very good indicator of fraud - at the moment.

We require it from all customers since Septemner 03. It has definately cut down on the amount of fraudulent transactions.

CompWorld

Great that it has cut down on fraud - but has it cut down on SALES?

(confused customers, etc.)

CVV should cut down on fraud because it is not printed on receipts and not available to workers in retail stores who have a way of seeing and gathering credit card numbers. These, I understand, are the leading ways card numbers are obtained (not over the internet).

Since my average ticket is about $10 for downloadable software of use to a very small number of people I have almost no fraud. I tried CVV for a week--it hurt sales. So I stopped using it. I would use it if I sold expensive tangible goods that would be mailed.

Where CVV won't help is when the actual, physical card (usually along with a purse or billfold) is stolen. However, in theses cases the card is usually quickly sold to someone who will head for the mall and by expensive, easily sold goods during the 24 hours after the card is stolen. Internet and phone fraud is usually when the number is stolen, often by a worker in a retail business who can access the number but not the CVV.

It may have cut down on sales, diffucult to state, but I find the vast majority that get to the payment page either make a valid payment or the banks reject it.

I have noticed that some people ignore the cvv code and still make a payment. Banks seem to return this as not matched instead of not checked, but I suppose it has been checked so... it would be nice if the processor told you if the number was completed or left blank. A simple Y/N would help.

I didn't see anyone mention it, but I'm about 99% certain you will get a better discount rate from your card processor if you do the full gambit of AVS and CVVS matching - I know I get a better rate (by a percent or so) for those transactions.