Across the Board

Blog on e-business and online payments.

Card payments – glossary

If you are an online payments newbie, no doubt you’re getting lost in all new expressions, phrases, definitions. That’s why we come to your rescue with this 3-part introduction to payments safety. Today, we set off with CVV2.

There’s no doubt that paying with cards is one of the safest online payment methods. One of its maid advantage is chargeback – a return of funds. Thanks to this, a customer can get their money back if they don’t recognize a given transaction or think the merchant scammed them.

This kind of an ‘insurance’ allows customers to get a refund, regardless of the entity that collected the payment, without taking them to court. Chargeback is the last resort for a customer. Banks wouldn’t take the liberty of accepting many of them (they are not fully automated), and reporting each chargeback would be of a nuisance for customers.

That is why the safety of card payments is ensured in several ways. Using a specific method can depend on numerous factors, starting with a country, card issuer, ending on merchant’s decision.

It is advisable that both clients and merchants are familiar with such solutions. The former, as not to be surprised when asked for some details, the latter, to know what they can offer and how they can improve their security.


CVV2 code is one of the most common types of protection. It is made up of 3 digits, which are visible next to the signature on card reverse – the exception are American Express cards, which have 4 digits above the card number.

We can be asked to enter the CVV2 code when giving card details at an online shop (e.g. the number or expiry date). This simple safety net is used to check whether a client physically owns a given card, or just has its details. It is reliable, as no entities (merchant, acquirer etc.) can keep the CVV2 code in their database, if they are PCI DSS compliant. That is why it is worth checking a merchant before finalising the transaction – they usually display a PCI DSS logo on their website.

The name ‘CVV’ is used by Visa – in general, the code is called CSC (or CSC2). However, merchants (or other entities) often use the term CVV2, as they don’t always distinguish between card issuers. The ‘2’ stands for the generation of the security code.

Various card institutions name the CSC2 code as following:

Some merchants, like Amazon, don’t require entering the CVV2 code while shopping. It can cause problems if a card issuer doesn’t allow payments without verifying CVV2 – the enthusiasts of Jeff Bezos’s shop have sure heard of such incidents. The only solution then is to use a different card, without that security requirement.

Stay tuned for more!

Mr. Banks is actually a fictional character, but does some real work. This makes him PayLane's fictional employee of the year :)

Are you a business looking for a payment processor?

Don't miss any articles!

Leave your email and get regular updates!

Close window