Risk & Compliance
CVV (Card Verification Value)
Definition
CVV (Card Verification Value) the 3-4 digit security code printed on payment cards (back for Visa/MC, front for Amex). Used to verify the cardholder has physical possession of the card during CNP transactions. CVV cannot be stored post-authorization per PCI rules, requiring re-entry for subsequent transactions. Validation reduces fraud from stolen card numbers obtained through data breaches.
Related Terms
AVS (Address Verification Service)
A fraud prevention tool that compares the billing address provided by the cardholder with the address on file at the issuing bank. Returns a match code indicating full match, partial match, or no match. Commonly used for CNP transactions. Not available in all countries. Should be one factor in fraud decisions, not the only one.
Fraud Prevention
Tools and strategies to detect and prevent fraudulent transactions before they complete. Includes AVS, CVV validation, 3DS, device fingerprinting, velocity checks, IP geolocation, and machine learning fraud scoring. Balance is critical - too aggressive blocks legitimate sales; too lenient increases fraud. Most PSPs offer built-in fraud tools; specialized providers (Signifyd, Riskified) offer guarantees.
PCI-DSS
Payment Card Industry Data Security Standard - a set of security requirements for organizations that handle cardholder data. Compliance levels range from SAQ-A (simplest, for merchants using hosted payment pages) to Level 1 (most stringent, for large processors). Non-compliance results in fines and potential loss of card acceptance. Most merchants should minimize PCI scope by using tokenization and hosted payment forms.
Need help navigating payment terminology?
We speak fluent payments. Let us translate for your business.
Talk to Us