CVV stands for Card Verification Value. If the CVV number is required during an online purchase, it would show that you are in possession of the credit card and it should be valid. The CVV number should never be shared with anyone as it should be secure at all times. It should not appear anywhere on the web or social sites.

CVV Number is a 3 or 4 digit number printed on the back of a credit/debit card. This number is also known as Card Security Code, CVVC, CSC or Card Verification Value. Different payment systems have different ways to verify this security code during online purchase so you should know about them in order to avoid a data loss.

The payment system may use CVV number verification using the following options:

• 3D Secure – The customer is redirected to his bank’s website where he has to enter the login details and the online purchase requiring the CVV number will be approved or rejected based on this security code entered by you. If it is rejected, the payment will be declined.
• One Time Password (OTP) – This is a password sent to your phone number or email id which you have to enter online for the purchase. The OTP may be valid for just one transaction so you have to apply it each time during each purchase.
• ZIP/Postal Code – The online merchant may ask you to enter the ZIP code of your billing address or zip code. This number is checked against the postal code of the address on record with your credit card company and only after verification, the payment will be approved.
• Address Verification (AVS) – Payment system checks for street number, street name, zip code and the city name of your billing address against the information on record with the credit card company.

Are you a victim of Card Data Breach?

Most banks or financial companies do not provide any protection for online purchase if CVV number was compromised during a data breach at a retailer. The reason is that you have shared the information with a third party without knowing it. You may be a victim of a Card Data Breach and in order to make sure, you should contact your bank/credit company and find out if they have noticed any suspicious activity on your card.

In most cases when CVV number is shared online or stolen from an ecommerce website, the thief can use it for online transactions where the CVV number is required. The thief may wait for a while before using it so that the card details go unnoticed.

If you are not the only person who knows about your credit/debit card and its CVV number, then you should change it as soon as possible and never share this number with anyone for any ecommerce related purchases.

The online vendors do not need this security code for transactions where they give you an option to save the card details for future use and you can pay them without entering the CVV number every time. This way, your credit/debit card information is saved on their servers and there is no need to use the CVV number.

In some cases, you do not need to enter the CVV code during online purchase but if your card is listed as a zero liability product by your bank/credit company then you should be careful about which site you are entering this number on. Always check the terms and conditions for further details.

The Payment Card Industry (PCI) has introduced a new rule called PCI DSS 3.0 which all the ecommerce websites must follow and they should implement it by October, 2015. If you do not want to share your CVV number or if you think that the website is asking you an unreasonable amount of information for online transactions then you should avoid them.

Follow the steps mentioned here if you want to protect your card and transactions:

• Never share your CVV number with anyone. This number is like a password and should not be shared.
• Contact your bank/credit company to find out if they have noticed any suspicious activity on your card or not.
• If you suspect any fraudulent activity on your card, report it immediately.
• Make sure that the online merchant requires only your credit/debit card number and nothing else to complete the transaction. If they are asking for more information like billing address, ZIP code or phone number then you should not trust them with your sensitive information.
• You should also check the privacy and terms and conditions policy of the online store and see if they are asking for too much information from you.
• If all looks fine then you should enter your details on that site but if something seems fishy or out of line then report it to your bank/credit company at the earliest.
• Always check the security certificate before entering your sensitive information. If it does not show a padlock or says ‘Not Secure’ at the top of the browser then do not enter any details and go to another website which is secure and has SSL installed.