Information on Merchant Accounts,
Ecommerce and Credit Card Processing

July 16th, 2007 by Jamie Estep

Only half of top ecommerce sites require Card Verification

Filed in: Merchant Accounts | 6 comments

A few weeks ago Elastic Path published their Ecommerce Checkout Report which was a great breakdown of the online trends of the top 100 internet retailing websites.

One area that I found particularly interesting is that only about half of the top 100 online retailers require additional card verification (CVV2, CID, CVC, etc) information to be entered when a customer makes a purchase.

CVV2 Credit Card

Card Code Verification is a basic fraud deterrent because the purchaser must have the card in hand, or have copied the entire number, expiration date and code from the back of the card to use it. It eliminates fraud from credit card skimming as the card verification code is not on the magnetic stripe and therefore cannot be used where CVV2 is required. It’s by no means a complete solution, nor is it acceptable as the only method of preventing fraud. It is a great tool, that costs nothing, and can save a business from a lot of unnecessary fraudulent orders.

So, why would the biggest online retailers not require this most basic information for orders that they accept.

The simple answer is money.

Conversion rates were measured to be 40% higher on the websites that were not requesting card verification information. 40% is a massive amount when you are averaging it across millions or billions in sales. I would imagine that a large well organized company would leverage whether the cost of fraud from not requiring CVV2 outweighs the cost in lost sales from requiring it. It is apparent than many businesses find it less costly to deal with any fraud that might occur from not using CVV2, than to take a hit in their conversion rate and require it. This is a completely irresponsible practice, but isn’t the least bit surprising.

So should you use CVV2?
First off, if your merchant contract states that you must use card verification on card-not-present transactions, then Yes. It is fairly common for processors to require this information, and if you’ve opened a merchant account in the past two years, there’s a good chance that it’s required with your account. You could risk getting your merchant account shut down for not using CVV2 if you’re processor requires it.

My personal recommendation for businesses who aren’t required to use it is also Yes. Especially for the case of small businesses where the cost of a few fraud related chargebacks can ruin a business. Additionally, it is much easier to fight most chargebacks when you have a valid CVV2 match. If you have a positive CVV2 response, it is proof in most cases that the person who made the purchase had the card in hand. CVV2 also is a proactive approach at helping consumers. If a person gets their card skimmed or the number gets stolen, their card cant be used anywhere that CVV2 is required. If a database with credit card numbers gets compromised, the cards cannot be used where CVV2 is required since CVV2 is never allowed to be stored by a business. Lastly, CVV2 actually works for international cards while AVS (Address Verification) does not. It is really the only built-in fraud prevention method that is internationally usable at this time.

Currently CVV2 is not required, but only because some older cards don’t have CVV2 numbers on them. As soon as every card does, it’s very likely that it will be required for all card-not-present transactions.

Even now, if everybody used CVV2 for their transactions, there wouldn’t be a huge conversion rate gap like this, card holders would be safer, and banks would eliminate some of the cost of fraud, which drives up credit card related prices for consumers and businesses alike.

Credit card verification numbers

6 Responses to “Only half of top ecommerce sites require Card Verification”

  1. Kevin September 13, 2007 at 4:14 pm

    It’s ridiculous for any merchant to operate without credit card verification, because even if you received the money if it’s fraudulent and you recieve tons of chargebacks you can say goodbye to your business.

    I don’t know what they could thinking, I mean they consumers too.

  2. mike January 21, 2008 at 10:38 am

    Especially for the case of small businesses where the cost of a few fraud related chargebacks can ruin a business

  3. Karen March 27, 2008 at 3:43 am

    Yes, I agree! I believe we will be most protected when they ask for the CVV first before they approve the payment.

  4. conrad February 17, 2009 at 3:08 pm

    We might have a problem if we’re required to use CVV. Many of the orders coming from our online system (where the card is authorized) are for backordered items that won’t be shipped (and therefore charged) for weeks. Since we can’t store the CVV, we’re going to be stuck when the original authorization expires.

  5. jestep February 17, 2009 at 5:12 pm

    In this case, you can use the CVV on the authorization, and then don’t use it on the actual capture. You only need to verify it once. Same thing goes for recurring transactions, you use the cvv on the first authorization and then do not use it thereafter.

  6. Jake August 5, 2009 at 8:06 am

    I own a small retail printing shop but have had a horrible time finding a reliable credit card processing company. Need help any suggestions?