CVV stands for Card Verification Value. If the CVV number is required during an online purchase, it would show that you are in possession of the credit card and it should be valid. The CVV number should never be shared with anyone as it should be secure at all times. It should not appear anywhere on the web or social sites.
CVV Number is a 3 or 4 digit number printed on the back of a credit/debit card. This number is also known as Card Security Code, CVVC, CSC or Card Verification Value. Different payment systems have different ways to verify this security code during online purchase so you should know about them in order to avoid a data loss.
The payment system may use CVV number verification using the following options:
Most banks or financial companies do not provide any protection for online purchase if CVV number was compromised during a data breach at a retailer. The reason is that you have shared the information with a third party without knowing it. You may be a victim of a Card Data Breach and in order to make sure, you should contact your bank/credit company and find out if they have noticed any suspicious activity on your card.
In most cases when CVV number is shared online or stolen from an ecommerce website, the thief can use it for online transactions where the CVV number is required. The thief may wait for a while before using it so that the card details go unnoticed.
If you are not the only person who knows about your credit/debit card and its CVV number, then you should change it as soon as possible and never share this number with anyone for any ecommerce related purchases.
The online vendors do not need this security code for transactions where they give you an option to save the card details for future use and you can pay them without entering the CVV number every time. This way, your credit/debit card information is saved on their servers and there is no need to use the CVV number.
In some cases, you do not need to enter the CVV code during online purchase but if your card is listed as a zero liability product by your bank/credit company then you should be careful about which site you are entering this number on. Always check the terms and conditions for further details.
The Payment Card Industry (PCI) has introduced a new rule called PCI DSS 3.0 which all the ecommerce websites must follow and they should implement it by October, 2015. If you do not want to share your CVV number or if you think that the website is asking you an unreasonable amount of information for online transactions then you should avoid them.
Follow the steps mentioned here if you want to protect your card and transactions: