What is the security code on a credit card & why is it needed?

Q: What is the point of having a security code on a credit card? How does it create “security” when a criminal can just steal that number too?

A: If you look where it’s located, you will see that the security code is printed (not embossed) on your credit card.

Visa MasterCard security codeVisa, MasterCard, and Discover

It’s on the back of the card. The security code’s location is always on the right. Sometimes it is within the signature box and other times, there is a separate box just for the code. Either way it’s always the 3 digits furthest to to the right. For Visa this is called the “CVV2” and MasterCard it’s the “CVC2.” Discover calls theirs “CID.”

American Express security codeAmerican Express

You will find the code on the front. You will usually find it on the right side, but on some of their credit cards it might be on the left. It is a 4-digit number and sometimes referred to as the CID or “unique card code.”

How do they protect you?

When you use your card in-person and swipe it for a purchase, the security code on the credit card is usually not involved (though some stores like Sears do choose to use it even for in-person transaction). The only data that is being transmitted is your account number, expiration date, and name on card.

On the other hand, if you are trying to make a “card not present” purchase (such as over the phone or internet) then the card’s security code is required. However, the merchant is typically not allowed to save that security code – they can only use it in real-time to fulfill your purchase.

This means that even if the store where you swiped your card were to save the account number, expiration date, and name on card, they would not be able to process a “card not present” transaction. Furthermore, the internet or phone retailer can’t either, since they didn’t save your code.

How do they not protect you?

This code is a fraud deterrent, it doesn’t make your account fraud-proof (obviously). A crooked store employee or business owner could manually write down the security code on a credit card and use it in conjunction with the other account data – he would then be able to process “card not present” transactions.

Now you may be asking “I order from Amazon all the time and never get asked to re-enter my security code?” That’s correct – for merchants we are doing recurring business with, there is a loophole that allows them to save all your account data, including the security code. For legit merchants this isn’t a problem, but for shady businesses where you unknowingly signup for a recurring membership or recurring product shipment, this can be an issue. However the biggest risk would be if someone hacked these merchant’s databases where your code is stored.

Should you really care either way?

If you live in the United States, fortunately there is a federal law which caps your maximum liability at only $50. However with most credit cards you won’t even pay that and they give you zero liability.

So having your account information stolen and fraudulently used is a headache no doubt about it, but at least you can rest assured knowing that you probably won’t be responsible for a dime of it. However, please note that if you choose to enroll in a membership/auto-shipment program those purchases might not necessarily be considered fraud.

The responses below are not provided or commissioned by the bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by the bank advertiser. It is not the bank advertiser's responsibility to ensure all posts and/or questions are answered.
Margaret Haverfield

Many merchants such as Dollar Tree and Walmart request the security code now for in store transactions. Why do they now think that they need it. If I picked a dropped credit card up off of the floor I could use it illegally and supply the number right off of the back card.

Hi, Neat post. There is an issue together with your site in internet explorer, may test this IE nonetheless is the marketplace leader and a huge part of folks will leave out your magnificent writing because of this problem. agabakkgfdaf

Originally, I believe, you would never TELL someone the security code because it was for unmanned transactions where a person couldn’t ask other details. However many telesales simply use a web interface that assumes it is YOU typing the info. I suggest you should never tell a person your security code. But then you could probably never use telesales. Ho hum.

I just had a fradulent transaction from Switzerland for $1500. The American Express Fraud representative told me that they (AMEX) didn’t require a “security code”. I think she is full of it, but will pursue with AMEX.

Of course AMEX asked me if I had possession of my Credit Card.

I pointed out that I was in the U.S., and if a security code was required, this couldn’t happen. (Unless of course there was an organized enterprise to steal all of my credit information)

I don’t think AMEX gives a hoot.

I always wondered what this code was used for also , glad to see that it does have a security purpose to it. Thanks for the tip.