Welcome to WebmasterWorld Guest from 54.146.239.96

Forum Moderators: buckworks

Message Too Old, No Replies

Does asking for CVV2 or security code turn off buyers?

CVV2, Credit card, conversion, security code

     

KanukBoy

7:27 pm on May 19, 2004 (gmt 0)

10+ Year Member



Hi

Last week, I made the security code (CVV2) a mandatory field in our credit card payment form. It now looks like it may be reducing conversion. I am not declining the transaction based on this code - I'm just asking for the code and looking at the test result later.

Can it be that potential customers don't want to enter the CVV2 number?

What experience have you had with this?

Thanks

Shak

7:49 pm on May 19, 2004 (gmt 0)

WebmasterWorld Senior Member shak is a WebmasterWorld Top Contributor of All Time 10+ Year Member



very interesting question.

problem is that many many people do NOT understand what CVV2 code is.

we had a similar problem, and then made dure next to the field there was text link which said "What is CVV2" this led to a pop up with both MC/Visa, and Amex screenshots with text about how to find it.

problem was solved.

I think there is avery very small % of cards that do NOT have CVV2

Shak

KanukBoy

8:08 pm on May 19, 2004 (gmt 0)

10+ Year Member



Thanks for your reply Shak.

I'm sure that is not a problem here. I am using the WorldPay's standard payment page which has a good pop up help page.

I can't tell whether the lower conversion is due to asking for CVV2 or due to seasonal fluctuations.

Anyone else have experience with CVV2/security code?

Thanks

martyt

8:15 pm on May 19, 2004 (gmt 0)

10+ Year Member



We've required CVV since day one, and our customers are mostly "little old ladies" who don't know much about the internet - no problems whatsoever, aside from the customer's inability to clearly read the code on cards that have been used a lot... But maybe that goes back to them being "little old ladies" who can't see too well... ;-)

Make sure that you explain that asking for their CVV code is for their protection and that you're making sure a thief who stole a credit card number can't use that number unless he has the card as well.

sun818

8:56 pm on May 19, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



CVV does not seem as useful as a deterent to fraud. If every merchant asks for it and their credit card database is hacked then that CVV information I assume is also available along with the credit card numbers. For domestic purchases, it seems like a waste of time to me.

Does entering the CVV reduce the credit card processing rate you are charged by your merchant processor?

Morocco

9:08 pm on May 19, 2004 (gmt 0)

10+ Year Member



Sun,

You are exactly right...it is a waste of time and money. There was just recently a fraud case in which a waitress was photographing cc #'s along with the CVV with her cell phone camera. They estimated she racked up around $100,000 worth of solen merchandise along with a personal database of over 100 CC #'s with matching CVV's.

Its not even a deterant for fraud anymore its a bump in the road.

ogletree

9:13 pm on May 19, 2004 (gmt 0)

WebmasterWorld Senior Member ogletree is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I don't think it helps much either. If somebody is stealing cc numbers they know to get that.

KanukBoy

9:36 pm on May 19, 2004 (gmt 0)

10+ Year Member



>Does entering the CVV reduce the credit card processing rate you are charged by your merchant processor?

Not for me.

From the latter posts, it sounds like I should not bother to ask for it.

I thank everyone for sharing your insights.

john_k

9:46 pm on May 19, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I believe it should give you better protection against charge backs.

As for the hacked databases: CVV numbers are not supposed to be stored. Ever. I hope the vendors that had that data stolen were hit with huge penalties.

[edit]What hacked databases? Sorry - jumping between different threads and I read something that wasn't there (again).[/edit]

[edit2]Ah - so there was mention of hacking databases (in Sun818's post). So the answer to that is that the CVV info should NOT be in the database.[/edit2]

TomJ

10:02 pm on May 19, 2004 (gmt 0)

10+ Year Member



yeah, the CVV number is supposed to prove that the person entering the card number actually has possesion of the card...eg, its not cloned.

a simple pop up with a little piccy explaining where on the card it is...how many digits and where amex has theirs really helps.

also if you put a line of text explaining how this makes internet shopping safer, users feel re-assured and more willing to purchase from you in future!

Tom.

sun818

11:02 pm on May 19, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



> CVV info should NOT be in the database

Hi, that is good to know. I did not know this.

To me, the security requirements need to increase as the dollar value goes up and/or you are dealing with international destinations. For a $50.00 USD transaction, I will not require my buyers to enter CVV. But if the transaction is for $1,000.00 USD or more, I will want my buyers to go through the security requirements. CVV would be but one of many steps to provide proof of card ownership and authorization. Won't go into the other details because not everyone who reads this public forum is honest.

Morocco

1:25 am on May 20, 2004 (gmt 0)

10+ Year Member



Basically you have no protection against a fraudulent chargeback when you collect CVV. That's the bottom line. I can understand where most are coming from in collecting that information. It's a minor way to try and deter criminals but it is no guarantee. If you recieve a chargeback you can't go and say....hey I collected the CVV. The bank will laugh at you. Your only hope is VbV, SecureCode and the 3d secure programs. It is the only way right now to stop fraudulent chargebacks. Its not perfect but its the closest the ecommerce world has ever seen.

KanukBoy

4:46 am on May 20, 2004 (gmt 0)

10+ Year Member



Thanks for your replies everyone.

>Verified by Visa and SecureCode
Do credit card processors typically charge the merchant more for this? Is it expensive?

Morocco

1:32 pm on May 20, 2004 (gmt 0)

10+ Year Member



Its an additional charge typically based on your annual transaction volume. It functions independently from your Gateway and processor on your own server. We have a licensed access to the software and we only pay for what we use. We installed it...they run it, do the updates, monitor it, and keep it in the latest versions so we never have to worry about it.

Unlike your discount rate it isn't based on a percentage. One of the perks of the program is that Visa lowers your interchange rate immediately starting with your merchant bank. This means that if you have high average ticket price the lowered interchange rate will cancel out the per transcation fee...which is the case for our company. The programs are deliverded by certified vendor companies. Stick to the ones recommended by Visa and MasterCard. I can recommend you our vendor if you like.

jollymcfats

3:04 pm on May 20, 2004 (gmt 0)

10+ Year Member



Where does one get those "where is the CVV2" graphics?

Herath

3:18 pm on May 20, 2004 (gmt 0)

10+ Year Member



A LOT of customers think the CVV number is the last
three digits of thier credit card number.

What we do is, if CVV check fails and customer entered value = last 3 digits of CC, then cleary tell the customer, It is NOT the last three digits of your credit card. It is the number at the BACK.

martyt

3:49 pm on May 20, 2004 (gmt 0)

10+ Year Member



I just called my merchant account provider and found out that submitting or not submitting CVV makes no difference in the discount rate. I had previously been under the impression that it made a difference between the "qualified", "mid-qual" and "nonqual" discount rates for transactions, but I guess I was wrong.

So I'm re-thinking whether I need to continue to require CVV during checkout. I'm in a business where fraud is a non-issue and we do end up with a significant number of customers who screw up the CVV code when they enter it, requiring an additional round of e-mail or phone calls to get it corrected before we can process the order.

If it's causing me more work and not saving me any money, that I guess I don't really need it after all...

Glad this discussion came up!

PS - regarding the graphics, one could always search for CVV or CVVS at google or elsewhere and find a plethora of images suitable for using... ;-)

jollymcfats

3:58 pm on May 20, 2004 (gmt 0)

10+ Year Member



For what it's worth, one of the cards we accept charges us a hefty per-transaction fee for card-not-present transactions- but the fee is waived if CVV2 validation is performed.

KanukBoy

6:42 pm on May 28, 2004 (gmt 0)

10+ Year Member



Just to let you guys know what I found...

I have removed the requirement for CVV2 in our payment form. Now, it looks like sales have increased back to normal levels.

If real, the effect could not have been caused by confusion about what is the CVV2, because we have a pop up help with a good image of where this code is on the card.

Thanks to all for your comments.

chuladi

7:56 pm on May 28, 2004 (gmt 0)

10+ Year Member



Does entering the CVV reduce the credit card processing rate you are charged by your merchant processor?

If possible, I would ASK for CVV but not require it.

Discover has already started charging card not present merchanta an extra $0.50 on a transaction where CVV information is not supplied. Visa and Mastercard ARE following suit, either charging a higher discount rate OR an additional charge, for internet transactions without CVV.

CustomFit

11:26 pm on May 28, 2004 (gmt 0)

10+ Year Member



We have a few e-com sites that deal with a variety of markets, and none of them have experienced any negative conversion rates with CVV2/Card Code validation requirements. Personally, I feel that most online consumers are used to this requirement by now.

With that said, we have noticed a major backlash when requiring Authorize.Net's Fraud Screen program. It has caused a tremendous loss in revenue. We assume many consumers have a different billing address, cardholder name, etc., and there in lies the problem.

Anyway, CVV2 should be a walk in the park by comparison. So long as you use all other available address verification system variables, plus any terms of your own (i.e. only shipping to the cardholder's billing address), you should be covered.

HTH,

CF