![\"CVV\"](\"https:\/\/www.merchantequip.com\/images\/logos\/all-cvv.gif\")
<\/center><\/p>\nCVV offers a little protection against fraud, but nonetheless should be used whenever possible.<\/p>\n
<\/p>\n
Why CVV is worthless<\/h2>\n
CVV cannot be written down, ever:<\/strong><\/p>\n Avoid CVV2 Storage. All merchants are prohibited from storing CVV2 data. When asking a cardholder for CVV2, merchants must not document this information on any kind of paper order form or store it on any database.<\/p><\/blockquote>\n CVV can only be used in call centers where the card is directly keyed into a processing system that instantly authorizes the transaction. It can be used on a website where an automatic authorization is made. Other than those two circumstances, it really can’t be used. The fines for storing a CVV number are steep and could easily cost a merchant hundreds of thousands of dollars, not to mention loosing your ability to process credit cards forever. <\/p>\n Just to clarify CVV must not be written down, sent in an email, stored in a database, saved for later in any way, at any time, for any reason!<\/p>\n CVV wears off:<\/strong> The CVV system isn’t always available:<\/strong> It doesn’t guarantee anything:<\/strong> It’s FREE:<\/strong> I’ll come straight out and say, I don’t recommend requiring a positive CVV match to approve a transaction. However, if you decide not to require it, I strongly recommend implementing a transaction flagging system forcing transactions with a CVV mismatch to be manually reviewed before shipping. You can easily implement your own system using the response from a payment gateway. Most payment gateways also have additional fraud prevention tools, that will automatically flag these transactions.<\/p>\n It protects against skimming:<\/strong>
\nIt’s almost like they printed the CVV number in some special fast-fading ink. CVV numbers wear off quickly, and are often unreadable after a month or two. This creates an unnecessary burden for customers who are forced to use their CVV number for a payment. No wonder why 50% of the top 100 retailers don’t use CVV<\/a>.<\/p>\n
\nIf you’ve ever looked at an error log of an active payment gateway, you you see a mess of CVV not available, not supported, and other non-mismatch errors. The CVV system is definitely not rock-solid at this point, and there’s a potential to lose legitimate business due to these erroneous errors.<\/p>\n
\nMy biggest complaint, a positive CVV match doesn’t guarantee anything except that whoever placed the order had the card in hand (or wrote down the CVV number). It doesn’t automatically win chargebacks, and it doesn’t remove any accountability for a transaction from the merchant. It is strictly a preventive measure to combat fraud.<\/p>\nWhy CVV is still a good system<\/h2>\n
\nThat’s right. Unlike the AVS system, there is no additional fee for using CVV. At the very least, there’s no reason at all not to use CVV for online processing. Whether you want to actually decline transactions based on a CVV response is a different story. <\/p>\n
\nIt is signifigantly more complicated for a card skimmer<\/a> to record the CVV number in addition to the magnetic stripe data. In almost all cases, using CVV will prevent fraudulent transactions from skimmed cards.<\/p>\n