MasterCard’s Card Validation Code 2 – CVC 2
MasterCard, just like bigger rival Visa, puts security codes on all credit and debit cards that bear its logo, as an additional security feature to help merchants who accept payments in a card-not-present environment fight fraud. The CVC 2, which stands for Card Validation Code 2, is located on the back of all MasterCard cards. It is a three-digit code indent printed on the signature panel of MasterCard cards. The CVC 2 is preceded by the last four digits of the card’s account number, printed in the signature panel. This added security measure enables e-commerce and MO / TO retailers to verify that the buyer has the actual card in his or her possession during a card-not-present transaction. Visa’s equivalent security code is called Card Verification Value 2 (CVV2).
The CVC 2 is a security feature that all major payment gateways and virtual terminals support and your payment processor should make it available to you.
How to use CVC 2? The CVC 2 should be used in every e-commerce or MO / TO transaction. Consider implementing the following steps:
- Ask your customers for the last three digits in the signature panel on the back of the MasterCard card. Do not ask for the CVC 2 number, as your customer will most likely have no idea what this is.
- Depending on the response your customer gives to your CVC 2 request, include one of the following indicators in your authorization request, along with the card’s expiration date and the account number:
Indicator When to Use It 0
If the CVC 2 is not included in the authorization request. 1
If the CVC 2 is included in the authorization request. 2
If your customer has stated that the CVC 2 is illegible. 9
If your customer has stated that the CVC 2 is not on the card. - The card issuer will reply to your request with one of the CVC 2 result codes listed below. Take it into consideration, along with all other factors in determining the validity of the transaction.
Result Code Recommended Action M – Match The CVC 2 is valid. Complete the transaction, taking into account all other transaction characteristics. N – No Match The CVC 2 is not valid. View this result as a very strong indicator of fraud. It may, however, be the result of a key-entry error, so you may consider resubmitting the CVC 2 request. P – CVC 2 request not processed You should resubmit the request. S – the cardholder has stated that the CVC 2 is not on the card The CVC 2 code should be on all MasterCard cards. Consider following up with your customer to verify that he or she has checked the correct card location. U – the card issuer does not support CVC 2 In this case you should evaluate all available information and decide whether to proceed with the transaction or investigate further.
Storing of CVC 2 is prohibited. Never keep or store CVC 2 codes once a transaction is completed. Storing CVC 2 codes is prohibited and could result in fines. You may store other account information, e.g. cardholder name, account number and expiration date but not the CVC 2.
Why should you use CVC 2? Using CVC 2 will benefit your organization in a number of ways, including:
- Enhanced fraud protection. Card-not-present merchants run a greater risk of processing fraudulent transactions than their store-front counterparts. Using CVC 2 provides an additional step in the process of verifying the validity of both the card and the cardholder.
- Reduced chargebacks. Reduced fraud leads to reduced fraud-related chargebacks. Chargebacks due to other reasons, however, will remain unaffected by the use of CVC 2.
- Improved bottom line. Fraudulent and charged-back transactions lead to lost revenue and can mean extra processing time and costs. CVC 2 helps limit such losses and minimize operating costs.
Accept card payments quickly and safely
Accept online payments via credit and debit cards and electronic checks at the lowest processing costs. You will get:
- Free merchant account and Authorize.Net gateway set-up.
- No monthly merchant account or gateway fees.
