Is a 3 or 4 digit CVV enough for online transactions?

  • Background: The CVV/CVV2 number ("Card Verification Value") on a credit card or debit card is a 3 or 4 digit number printed on the card. It is 3 digits on VISA, MasterCard and Discover branded credit and debit cards, and 4 digits on an American Express branded credit or debit card. The CVV code is not embossed on any of these cards.

    My question: Is 3 or 4 digits enough for online transactions to be secure?

  • GdD

    GdD Correct answer

    9 years ago

    The credit card companies are aware of this, their anti-fraud detection software will block a card if they see more than a small number of attempts with incorrect CVV codes. Even having an understanding of the algorithms for generating CVVs a hacker would still have to get lucky to successfully be able to make a transaction.

    As for whether it is a great system then the answer is no. It's still vulnerable to fraud, however it is much better than no CVV code at all. It's a quick and easy fix to add more security into the system until the industry can agree on a more permanent solution.

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM

Tags used