Why Do Credit Cards Have Security Codes?

March 8, 2016, Written By Jason Steele
Credit Card, CVV code with mobile phone

Credit cards are all about numbers. The first number that most people see is their account number itself, which is a 16 or 17 digit number that usually appears on the front of a credit card, but sometimes on the back. Another important number is your card’s expiration date.

But a lesser known number is the card security code, or CSC. Sometimes this three or four digit number is called the card verification value, or CVV. Other acronyms for security codes are CID or CVV2. Typically, Visa and MasterCard use a three digit number while American Express uses a four digit number. This number can appear on the front or the back of the card, and is often required when making purchases online or over the phone, transactions that are called “card not present” within the credit card industry.

Why credit cards have this number

Credit card issuers started using CSC and CVV numbers in the late 90’s and early 2000’s after credit card security was being compromised while the number of Internet transactions grew exponentially. Essentially, these numbers provide cardholders and merchants with an extra layer of security, beyond simply the card number and expiration date.

Interestingly, these security codes are not stored in the magnetic stripe or the smart chip on your credit card. So hackers that steal the data from your credit cards electronically will still be unaware of the card’s security codes and unable to use their stolen data to make purchases online or over the phone. On the other hand, not all merchants will ask for a card’s security code, and those that do are prohibited from storing these numbers.

Protecting your card’s security codes

You should never write down or store these numbers as they will allow someone who finds it to make charges to your account online. It is also a bad idea to scratch these numbers off of your credit card, as you can forget these numbers and some merchants will want to view them on your card.

In addition, it is always a good idea to closely review your credit card statements and look for suspicious or fraudulent charges. The Fair Credit Billing Act of 1974 prevents credit card users for being responsible for more than $50 in the case of fraud. But in practice, nearly all credit card issuers waive this amount by offering zero liability policies. Nevertheless, it is up to credit card users to spot fraudulent charges and report them to their credit card issuer in order to receive a credit.

Other types of credit card protections

One number that doesn’t appear on your credit card is your zip code. Some merchants will ask for the cardholder’s billing address or zip code, and use that number in order to help verify the authenticity of the transaction.

The most visible and recent addition to credit card security has been the addition of the embedded smart chips, often called EMV chip cards after Europay, MasterCard, and Visa, the companies behind the creation of this standard. These embedded microchips conduct encrypted, two-way transactions with the next generation of credit card readers already in use in Europe and the United States. Although these transactions can take significantly longer than those using the old magnetic stripe technology, it is a far more secure method of authorizing a transaction.

The credit card industry has adopted a liability shift in 2015 that transfers the liability for fraudulent transactions between the merchant and the credit card issuer, depending on which party failed to upgrade their technology. For example, if a credit card issuer has not given its customer a smart chip-enabled card, but the merchant had a terminal capable of accepting it, then the card issuer is responsible for the cost of a fraudulent transaction. But if the cardholder has been given a chip-enabled card but the merchant failed to upgrade its terminals to accept the chip, then the merchant will bear the cost of any fraudulent transaction. In either case, credit card holders will never face any liability for fraudulent transactions that they report, due to the strength of the Fair Credit Billing Act’s protections. In fact, one could argue that the inherent security afforded to credit card users by law has been the foundation for the growth and profitability of the credit card industry over the last forty years.

Keeping your account information safe

Even though credit card users are not responsible for fraudulent charges, they still wish to avoid the hassle of reporting them and having their card replaced. Other helpful tips to preventing fraud include not giving out your card to anyone and keeping it in a secure location at home and at work. In addition, you should never lock your credit card in your car, as vehicle break-ins are a major source of credit card theft.

By understanding credit card security codes and other anti-fraud measures, you can keep your accounts as safe as possible.



The information contained within this article was accurate as of March 8, 2016. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.