Are the three-digits on the back of a payment card really relevant?
Is it time to ditch the CVV code?
Dispelling the myths around the three digit CVV code
Is the CVV code necessary? At Encoded we say no. It can’t be retained once a transaction has been processed, as this contravenes the Payment Card Industry Data Security Standard (PCI DSS) which prohibits the storage of a customer’s confidential card data and does it really protect the merchant?
Here are two main myths about CVV codes:
Myth One: Merchants benefit from reduced interchange fees using CVV codes
However, in 2015 VISA capped the rate at 0.2% for debit card transactions and 0.3% for credit card transactions across the EU, irrespective of whether the transaction included the CVV or not. Telephone order transactions are deemed as non-secure.
So there is no financial benefit from requesting the CVV, except in disputes or chargebacks, when if the CVV code was included when a merchant submits a transaction for authorisation, the processor and/or card brands will reduce their fees slightly.
Myth Two: Repeat transactions need to submit the CVV for the original and subsequent transactions
- Use a payment service provider that supplies a reference number from the original transaction and then all subsequent transactions use the same number or token.
- Store the cardholder’s name, account number and expiration date securely either by encrypting or keeping physically secure for a manual system.
Staying PCI DSS Compliant
Investing in secure payment and tokenisation technology from an experienced payment service provider will help to keep you PCI DSS compliant and protect your customers against fraud and cybercrime.
There is no time to lose
Now is the time to get the right levels of security in place and ditch the three-digit CVV code. Talk to us at Encoded and be safe in the knowledge that we know what we are talking about when it comes to contact centre and online payment solutions, and PCI DSS.
As you can see it really is at least “a day in the life of a payment” if not longer. What may appear to be a simple case of an amount being taken from your card and a debit appearing on your statement the following month really involves far more than is at first evident.