What Is a Security Code on a Credit Card?
A credit card security code (CSC) is a 3- or 4-digit number that is printed on all credit cards, separate from the card number. The purpose of the security code is to protect your account from fraud, and it is required along with the card number and expiration date for purchases made online or over the phone. If someone finds out your card number but not your security code, they won’t be able to make fraudulent purchases in your name.
The security code is also known as the CVV, which is short for card verification value. Other possible variations include CVC, CSC, CVN, CVVC and more. These names all refer to the same thing.
Where Is the Security Code on a Credit Card?
The location of a credit card’s security code depends on what network the card is on, but it’s usually on the back of a card. The number of digits can vary by network as well, and American Express is the outlier in both cases.
| Card Network | Security Code Location | Number of Digits |
| Visa | Back of card, to the right of signature | 3 |
| Mastercard | Back of card, to the right of signature | 3 |
| Discover | Back of card, to the right of signature | 3 |
| American Express | Front of card, above and to right of number | 4 |
When You Need Your Credit Card Security Code
You don’t need to provide your credit card’s security code when making purchases in person. It’s automatically retrieved and authenticated when the credit card is swiped, “dipped” into an EMV chip reader, or “tapped” onto a contactless-enabled payment terminal.
However, the security code is almost always mandatory for “card-not-present” transactions, which are credit card transactions completed online or over the phone. Being able to produce this number, along with the card number and expiration date, shows that you actually have the card you’re using. That makes it less likely that the transaction is fraudulent.
Why Some Merchants Might Not Ask for a Security Code
Merchants are responsible for requesting your security code prior to approving your payment, but not all of them will choose to do so. Some people may find their security codes hard to read or hard to find, so some stores skip the security code verification step to simplify the buying experience. These merchants don’t want an additional step in the checkout process that could stop you from completing a purchase.
However, stores that do this typically have other security measures in place to prevent fraud, such as an “address verification system” that matches your address to the one on file for the card.
Why Credit Card Security Codes Are Important
The added protection that credit card security codes provide is one of the reasons why fraud only impacts a very small percentage of all electronic transactions. While credit card fraud can still occur even with transactions that require a security code, the extra layer of protection definitely helps.
When you are asked to provide your security code, merchants are trying to ensure that you have a genuine card. The code cannot be found anywhere else, as merchants are prohibited from storing it – along with PIN codes and magnetic stripe data. Because this data is never stored, it is more difficult, though not impossible, for thieves to commit fraud even if they have your other credit card information, like your name and card number.
Should You Ever Share Your Credit Card Security Code?
When you buy something online from a secure, reputable website or through a trusted retailer over the phone, you will need to provide your security code to complete the purchase. But you should not share the code with anyone else. If someone who’s not a merchant knows your card number, security code and expiration date, they can use that information to make purchases even without having your card.
Security Code Scams
- There are numerous scams designed specifically to retrieve your credit card security code.
- The scammer will often already have your credit card number, full name and expiration date, missing only the security code. Though they use various methods to gain access to your code, many will choose to call you pretending to be your bank.
- It is very important to know that banks will never ask you for sensitive financial information over the phone. So never provide it when asked. Always hang up suspicious calls and dial your bank’s direct number instead to speak with a confirmed representative.
- Always keep your security code private.
What to Do if Your Security Code Gets Compromised
You don’t have to worry too much about credit card fraud if your security code gets compromised. All major issuers have $0 fraud liability guarantees, meaning they won’t require you to pay for fraudulent transactions.
Just make sure to monitor your credit card statements and credit reports so you can catch any fraud right away, and immediately report anything you find to your credit card issuer. Your issuer will also monitor your account from their end and contact you about any suspicious activity.
Other Names for Credit Card Security Codes
One of the confusing things about a credit card’s security code is the variety of names used to describe it. Depending on which credit card network and type of card you use, the code can be indicated as:
- Card security code (CSC)
- Card verification number (CVN)
- Card verification data (CVD)
- Card verification or validation code (CVC or CVC2)
- Card verification value (CVV or CVV2)
- Card verification value code (CVVC)
- Card ID (CID)
- Verification code (V-Code)
- Signature panel code (SPC)
If you ever come across one of these complex-sounding terms, don’t be alarmed. Recognize that you’re simply being asked for your credit card security code. All these terms mean the same thing.
Credit Card Security Code Alternatives
The best alternative to giving merchants your real card number and security code is to use a digital wallet or virtual card. They help protect your real card information.
Digital Wallets
Digital wallets such as Apple Pay, Google Pay and Samsung Pay generate a unique identification code each time you make a purchase online or at the point of sale. This dynamic security code – also known as a CVV3 or token cryptogram – serves the same purpose as a credit card security code, ensuring that the payment account is indeed yours.
The use of proxy security codes is what’s known as tokenization. These types of codes are used in EMV chip and contactless card transactions. Transactions that use tokenization are more fraud-resistant than magnetic-stripe transactions. That said, contactless cards still have traditional security codes that can be used.
Virtual Cards
Virtual cards work similarly to digital wallets. With a virtual card, instead of a unique cryptogram for each transaction, a merchant receives a card number, security code and expiration date that are tied to your credit card account but don’t actually match what’s on your physical card. That way, if someone hacks the merchant, they can’t use your card information for purchases anywhere else.
How to Keep Your Credit Card Information Secure
You can’t rely on your credit card security code alone to keep your card information secure. There are a number of steps you can take to minimize the risk of falling victim to fraud.
- Never share your card info. Don’t give out your card number, expiration date, or security code to anyone who’s not a trusted merchant, creditor or organization you’re making a payment to. Be especially sure to never give out your info to anyone who cold calls you.
- Don’t let people borrow your card. While this isn’t illegal, it does violate credit card network rules, and you can’t know how well the person you lend it to will safeguard your information.
- Obscure your card info online. Use digital wallets and virtual cards to make purchases without sharing your real card information with merchants.
- Only enter your card information on secure websites. If the website’s URL begins with “http” instead of “https,” it isn’t secure and thus isn’t safe for entering your card info.
- Watch out for fraudsters’ devices. Criminals sometimes place credit card skimming devices, which can steal your card info, on payment terminals. It’s important to know what they look like and to check for them.
- Check out using your card’s chip. Your transactions are less secure if you just swipe your card instead of inserting the chip into the card reader or tapping it on a contactless reader.
- Monitor your credit. WalletHub provides free 24/7 credit monitoring for everyone with a WalletHub account. With our daily updates, you can see any major changes on your credit report and quickly catch fraud.
- Check your transactions on a regular basis. At the very least, take a thorough look over every credit card statement to make sure no transactions seem suspicious. It’s better to look over your transactions in your online account at least once a week, though. Report anything that stands out as suspicious to your issuer right away.
- Cut up your old cards. When you close a credit card account or get a new card before the old one expires, cut up the old card. While it won’t be usable even if you don’t cut it up, it still contains personal information that fraudsters could make use of.
You can learn more about how to protect yourself from fraud and identity theft here on WalletHub.
WalletHub experts are widely quoted. Contact our media team to schedule an interview.