September 24th, 2014 by Elma Jane

The CVV Number (Card Verification Value) on your credit card or debit card is a 3 digit number on VISA, MasterCard and Discover branded credit and debit cards. On your American Express branded credit or debit card it is a 4 digit numeric code.

The codes have different names:

American Express – CID or unique card code.

Debit Card – CSC or card security code.

Discover  – card identification number (CID)

Master Card – card validation code (CVC2)

Visa  – card verification value (CVV2) 

CVV numbers are NOT your card’s secret PIN (Personal Identification Number).

You should never enter your PIN number when asked to provide your CVV. (PIN numbers allow you to use your credit or debit card at an ATM or when making an in-person purchase with your debit card or a cash advance with any credit card.)

Types of security codes:

CVC1 or CVV1, is encoded on track-2 of the magnetic stripe  of the card and used for card present transactions. The purpose of the code is to verify that a payment card is actually in the hand of the merchant. This code is automatically retrieved when the magnetic stripe of a card is swiped on a point-of-sale (card present) device and is verified by the issuer. A limitation is that if the entire card has been duplicated and the magnetic stripe copied, then the code is still valid.

The most cited, is CVV2 or CVC2. This code is often sought by merchants for card not present transactions occurring by mail or fax or over the telephone or Internet. In some countries in Western Europe, card issuers require a merchant to obtain the code when the cardholder is not present in person.

Contactless card and chip cards may supply their own codes generated electronically, such as iCVV or Dynamic CVV.

Code Location:

The card security code is typically the last three or four digits printed, not embossed like the card number, on the signature strip on the back of the card. On American Express cards, the card security code is the four digits printed (not embossed) on the front towards the right. The card security code is not encoded on the magnetic stripe but is printed flat.

American Express cards have a four-digit code printed on the front side of the card above the number.

MasterCard, Visa, Diners Club,  Discover, and JCB credit and debit cards have a three-digit card security code. The code is the final group of numbers printed on the back signature panel of the card.

New North American MasterCard and Visa cards feature the code in a separate panel to the right of the signature strip. This has been done to prevent overwriting of the numbers by signing the card.

Benefits when it comes to security:

As a security measure, merchants who require the CVV2 for card not present payment card transactions are required by the card issuer not to store the CVV2 once the individual transaction is authorized and completed. This way, if a database of transactions is compromised, the CVV2 is not included, and the stolen card numbers are less useful. Virtual Terminals and payment gateways do not store the CVV2 code, therefore employees and customer service representatives with access to these web-based payment interfaces who otherwise have access to complete card numbers, expiration dates, and other information still lack the CVV2 code.

The Payment Card Industry Data Security Standard (PCI DSS) also prohibits the storage of CSC (and other sensitive authorization data) post transaction authorization. This applies globally to anyone who stores, processes or transmits card holder data. Since the CSC is not contained on the magnetic stripe of the card, it is not typically included in the transaction when the card is used face to face at a merchant. However, some merchants in North America require the code. For American Express cards, this has been an invariable practice (for card not present transactions) in European Union (EU) states like Ireland and the United Kingdom since the start of 2005. This provides a level of protection to the bank/cardholder, in that a fraudulent merchant or employee cannot simply capture the magnetic stripe details of a card and use them later for card not present  purchases over the phone, mail order or Internet. To do this, a merchant or its employee would also have to note the CVV2 visually and record it, which is more likely to arouse the cardholder’s suspicion.

Supplying the CSC code in a transaction is intended to verify that the customer has the card in their possession. Knowledge of the code proves that the customer has seen the card, or has seen a record made by somebody who saw the card.

 

Posted in Best Practices for Merchants, EMV EuroPay MasterCard Visa, Point of Sale, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

December 16th, 2013 by Elma Jane

1. Account Updater (Visa)

Incorrect billing information leads to declined credit cards, loss of sales and unhappy customers.

Visa touts its Account Updater as an easier way to keep customer data current. The tool appends all card data with up-to-date customer info so businesses can avoid difficulties over address changes, name changes, expired cards and more.

The tool can benefit any business that bills customers on a recurring basis.

It eliminates the need for manual administration, so it can lower your business’s operational costs and customer-service expenses. And by saving your clients the hassle of a declined payment, you can boost customer satisfaction and overall sales.

2. Netswipe

Paying online is convenient for customers, but keying in an unwieldy credit card number is still a pain.

Netswipe from Jumio gives customers an easier way: The tool lets users pay by snapping a photo of their credit card; it’s almost as easy as swiping your card through a traditional card reader.

According to Jumio, customers can use their smartphone or tablet to scan a card in as little as 5 seconds, whereas traditional key entry takes 60 seconds or more, on average. Having a quick and convenient way to pay could help contribute to a positive buying experience and encourage repeat business.

The system is compatible with any iOS or Android mobile device, as well as with any computer with a webcam.

3. Netverify

Jumio’s fraud-scrubbing tool helps you determine if your customers are who they say they are.

Net verify allows customers to snap a picture of their driver’s license or other identification using a smartphone, tablet or PC webcam. Once the image is taken, the tool can verify the authenticity of the documentation in as little as 60 seconds.

That’s much faster and more convenient than asking a customer to fax or mail a copy of their ID in the middle of a transaction.

The tool can verify identifying documents from more than 60 countries…including passports, ID cards and driver’s licenses, and even bank statements and utility bills. Jumio says its software is smart enough to automatically reject nonauthentic documents.

And customers can rest easy knowing that all submitted information is protected with 256-bit encryption to prevent identity theft.

Online merchants embed Netverify into their websites as part of the checkout process.

4. Payment Gateway

Payment Gateway service does all the heavy lifting of routing and managing credit card transactions online.

Portals like this one benefit small businesses by providing a fast and secure transmission of credit card data between your website and the major payment networks. It works a lot like a traditional credit card reader, but uses the Internet to process transactions instead of a phone line.

Payment Gateway also offers built-in fraud-prevention tools and supports a range of payment options, including all major credit cards and debit cards.

5. PayPal Here

Mobile credit card processing services like PayPal Here  make it easy to accept credit cards in person using a smartphone or tablet.

PayPal Here and other similar services send you a dongle that attaches directly to your iPhone, iPad or Android device, allowing you to swipe physical credit cards wherever you are.

One major benefit of mobile credit card readers is that they work with the devices you already own. That means there’s no need to carry around additional hardware, aside from the reader add-on itself. Most credit card readers attach to your device via the headphone jack or charger port, and are small enough to fit in your pocket.

The smallest businesses have the most to gain by opting for mobile credit card readers, which are cheaper and far more portable than traditional options.

6. Virtual Terminal

If you do business online, your website needs the infrastructure to accept credit card information.

Web-based applications like virtual terminal offer the basic processing functionality of a physical point-of-sale system, and are easy to install on your business’s website.

The system allows merchants to collect orders straight from the Web, or take orders via phone or mail and before initiating card authorizations online.

It also includes extensive transaction history to help you manage payment data, split shipments, back orders and reversals. Business owners can even receive a daily email report of all credit card transaction activity from the prior day.

 

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, e-commerce & m-commerce, Electronic Payments, EMV EuroPay MasterCard Visa, Gift & Loyalty Card Processing, Mail Order Telephone Order, Merchant Cash Advance, Merchant Services Account, Mobile Payments, Mobile Point of Sale, Near Field Communication, Point of Sale, Smartphone, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

October 31st, 2013 by Elma Jane

While credit card processors and retailers have made strides to combat credit card fraud, it is still rampant across the U.S. In fact, credit card fraud jumped 17 percent between January, 2011, and September, 2012, according to the most recent data from the FICO Falcon Fraud Manager Consortium.

Debit cards obviously have better safeguard measures in place, since debit card fraud rose less than 1 percent between January, 2011, and September, 2012. Plus, the average fraud loss per compromised account fell by 3 percent.

Card-not-present (CNP) fraud is the biggest challenge by far, accounting for 47 percent of all credit card fraud. CNP fraud – which includes payments via the internet, mail and phone – grew 25 percent over the two-year period. So, where the problems with credit cards lie.

Unfortunately, CNP fraud may get worse before it gets better, in FICO’s Banking Analytics Blog. This problem may even intensify as the US moves away from magnetic stripe and toward EMV [chip] card technology. In other countries adopting chip-based authentication technology, we’ve seen counterfeit fraud decline, but as a counterbalance, fraudsters often ramp up efforts around CNP fraud.

However, there was a glimmer of light in the credit card fraud fiasco. While card fraud attempts rose, the average loss per compromised account dropped 10 percent. Plus, the ratio of fraud to non-fraud spending remained constant. “In other words, the volume of card fraud increased proportionally to the volume of consumer credit card spending.

Even though many retailers have implemented successful fraud prevention programs, Visa provides retailers with the warning signs for CNP fraud, including:

Multiple cards used from a single IP address. Orders made up of “big ticket” items. Orders that include several of the same item. Shipping to an international address. Transactions with similar account numbers.

Posted in Digital Wallet Privacy, EMV EuroPay MasterCard Visa, Mail Order Telephone Order, Payment Card Industry PCI Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,