Take a quick look at your credit card, debit card, or ATM card. At the front, you see your name, your account number, and your card number. Depending on the type of card you have, there might be an additional set of numbers above your card number or on the back. For American Express cards, there are four of them on the front, and for Visa or MasterCard, there are three on the back.
Looking at the back of a Visa or MasterCard, below the magnetic strip, you will see a series of numbers. The last three digits are set apart. Those three digits are your CVV (Card Verification Value) or CVC (Card Verification Code). They are placed there as a security measure, to make sure you have the physical card with you when you’re transacting.
The reasoning is that while someone may steal your card number from a notepad, receipt, or skimmer, but they won’t always have the CVV details. That’s why when you use your card online or on the phone, you’ll typically be asked for your CVV before you complete the transaction. The bad news is criminals now have ways of getting your CVV.
How criminals steal your CVV
There are two main methods. In phishing, you are sent to a clone of a genuine website such as your bank or your favorite online store. You’ll key in all your details, including your CVV and the answers to your security questions. The second method is to use a key-logger. It records everything you type on your keyboard, including passwords and CVVs.
Essentially, this means criminals can only get your CVV if you unintentionally give it to them. This can’t be completely avoided, but you can try to be a little more vigilant before you type in your card details.
The first step is to check the url of the website you’re using. If it’s ‘https’ that means it has an SSL certificate and additional encryption, so you’re probably safe. It may also have a padlock icon, which is another symbol of SSL certification. You can also use strong antivirus software and/or a firewall that can identify and intercept phishers and key-loggers.
Observation is the key
Whenever you’re on a site that requires your card details, look at it carefully. No matter how well a site is cloned, there may sometimes still be a small mistake. Check the address bar to be sure it’s the right site. Typos, bad grammar, and suspicious links are also major red flags.
For example, the letters ‘rn’ can look a lot like ‘m’ in a falsified email or URL. If you have any doubts at all, then call the source, or reach them through social media to find out if it’s a genuine message.
For more information on how CVV codes protect against fraud, or to sign up for a merchant account, please call (888) 924-2743 or go to Charge.com.