What is it?

A Card Security Code (CSC) or Card Verification Value (CVV) is a security feature present in most modern day credit cards which is used in "card-not-present" transactions. In physical transactions where a credit card is swiped in a Point-of-Sale machine, the secret PIN may be manually entered by a user. However, in online and digital transactions, where the card cannot be physically swiped, the user enters the CVV number as an additional security feature.

How does it work?

The concept of using the CVV code started in the UK back in 1995. By 2001, the three biggest card associations - Visa, MasterCard and American Express - were all using this feature. In most cases, the CVV number is written plainly on the card itself (not embossed). The concept of the CVV is thus fairly simple and provides significant security benefits for an almost negligible cost. Here are some of the ways in which the CVV can protect against fraud:

• Merchants are not authorized to save the CVV number (they may save other details). If their database is later compromised, the CVV numbers remain secret.
• Employees at the merchant's end or customer service representative, etc. cannot see the CVV number (they are usually able to see other card details) and hence cannot initiate a transaction on behalf of a card owner.
• With the right equipment, it is possible to copy the data on the magnetic stripe of the card. But the CVV is not present on the magnetic stripe and is thus safe from situations where the data on the magnetic tape has been copied.

Life without the CVV

You might have noticed instances where your card still gets debited even without providing the CVV. This is actually possible and depends upon the specific merchant and the card issuer. For example, in certain countries Amazon does not require the CVV number. They can process the transaction without CVV information and they do this to provide a faster checkout experience to the customer. The risk with this method is a higher chance of fraud. However, Amazon might be willing to accept that risk and the potential costs of chargebacks. Essentially, the amount of card security depends on the local laws, agreements between card associations and banks, merchant reputation and the prevalence of card fraud.

The Future

Given the ever increasing importance of online commerce and the increasing share of credit cards in the global payment landscape, the credit card industry is gearing up as well. Researchers have come up with dynamic CVV (dCVV) based cards that generates a fresh CVV for every new transaction. There is small screen present on the back of the card which generates a new CVV for every transaction. Such features are expected to greatly reduce the incidence of fraud in card-not-present transactions.

The credit card industry has grown rapidly and security measures have also evolved over time. From a simple 3 digit number on the back of the card to dynamically generated codes displayed on a micro screen embedded in a 0.76mm card; technology is revolutionizing the way we protect our plastic money.