The card verification number, also known as the CVV number, refers to the last three digits printed on the reverse of nearly all debit and credit cards issued in the world. The long account number on the front of the card can be obtained fairly easily by fraudsters, but the CVV code adds an extra layer of security for cardholders as it is much more difficult to obtain or guess.
The payment gateway provides a method of checking the CVV or CV2 number. When a payment request is submitted by a customer, the CV2 code is checked by the gateway against the information stored by the card issuer, and will return one of four possible responses:
- M – The check came back okay, and the security code provided with the payload matches at the issuer level.
- N – The check failed; the security code provided doesn’t match the card details held by the issuer.
- P – The check could not be performed for multiple reasons; mainly that it was not provided with the payment payload.
- U – The user is unregistered; this occurs in very rare instances where the issuing bank is not participating with the CVV or CV2 scheme.
These results can be interpreted by you, the merchant, as you wish, you can still decide to take the payment with a result of N, P, or U, although you’d be exposing yourself to unnecessary risks by taking a payment from a non-matched security code.
The security code on Visa, MasterCard, American Express cards etc is there as an additional security measure, designed to protect both consumers and merchants from fraudulent activity. If you’d like to find out more about payment gateways and fraud protection measures please contact us and we’ll be happy to help.