What is a CVV on a credit card?

A CVV (Card Verification Value) is a 3- or 4-digit security code printed on a credit or debit card. It is used during online and phone transactions to verify that the person initiating the payment has physical possession of the card. It is separate from the card number and PIN.

Where do I find the CVV number on my card?

For Visa, Mastercard, and most other cards, the CVV is the 3-digit number printed on the back of the card, near the signature panel. For American Express, it is a 4-digit code printed on the front of the card, above the card number.

What is the difference between CVV and CVC?

CVV and CVC refer to the same type of card security code. The difference is only in terminology: Visa uses CVV, Mastercard uses CVC, and American Express calls it CID. All three serve the same function: verifying the cardholder's physical possession of the card.

CVV2 refers to the second-generation card verification code, the static number printed on the card surface. In everyday usage, CVV and CVV2 are interchangeable terms for the same printed security code.

Can merchants store my CVV?

No. PCI DSS prohibits merchants from storing CVV data after a transaction has been authorized. This rule ensures that even if a merchant's systems are compromised, card security codes are not available to fraudsters.

Why was my transaction declined for a CVV mismatch?

A CVV mismatch decline means the code entered did not match the value the card issuer has on file. This can happen due to a typo, a worn card, or an attempt to use card details obtained without the physical card. Double-checking and re-entering the printed code usually resolves the issue for legitimate cardholders.

¿Qué es el CVV en una tarjeta de crédito?

El CVV (Card Verification Value) es un código de seguridad de 3 o 4 dígitos impreso en una tarjeta de crédito o débito. Se utiliza en transacciones en línea y por teléfono para verificar que quien realiza el pago tiene la tarjeta física en su poder. Es independiente del número de tarjeta y del PIN.

¿Dónde encuentro el número CVV en mi tarjeta?

En tarjetas Visa, Mastercard y la mayoría de las redes, el CVV es el número de 3 dígitos impreso en el reverso de la tarjeta, cerca del panel de firma. En las tarjetas American Express, es un código de 4 dígitos impreso en el frente, sobre el número de tarjeta.

¿Cuál es la diferencia entre CVV y CVC?

CVV y CVC hacen referencia al mismo tipo de código de seguridad. La diferencia es solo terminológica: Visa usa CVV, Mastercard usa CVC y American Express lo denomina CID. Los tres cumplen la misma función: verificar que el titular tiene la tarjeta física en su poder.

¿Qué significa CVV2?

CVV2 se refiere a la segunda generación del código de verificación de tarjeta: el número estático impreso en la superficie de la tarjeta. En el uso cotidiano, CVV y CVV2 son términos intercambiables que designan el mismo código de seguridad impreso.

¿Pueden los comercios almacenar mi CVV?

No. El estándar PCI DSS prohíbe a los comercios almacenar el CVV después de que una transacción ha sido autorizada. Esta norma garantiza que, incluso si los sistemas de un comercio son vulnerados, los códigos de seguridad de las tarjetas no estén disponibles para los defraudadores.

¿Por qué fue rechazada mi transacción por falta de coincidencia del CVV?

Un rechazo por falta de coincidencia del CVV significa que el código ingresado no corresponde al registrado por el emisor de la tarjeta. Puede deberse a un error tipográfico, a una tarjeta deteriorada o a un intento de usar datos obtenidos sin la tarjeta física. Revisar e ingresar nuevamente el código impreso suele resolver el problema.

O que é o CVV em um cartão de crédito?

O CVV (Card Verification Value) é um código de segurança de 3 ou 4 dígitos impresso em um cartão de crédito ou débito. Ele é utilizado em transações online e por telefone para verificar que a pessoa que está realizando o pagamento possui o cartão físico. É independente do número do cartão e da senha.

Onde encontro o número CVV no meu cartão?

Em cartões Visa, Mastercard e na maioria das bandeiras, o CVV é o número de 3 dígitos impresso no verso do cartão, próximo ao painel de assinatura. Nos cartões American Express, é um código de 4 dígitos impresso na frente do cartão, acima do número do cartão.

Qual é a diferença entre CVV e CVC?

CVV e CVC se referem ao mesmo tipo de código de segurança. A diferença é apenas terminológica: a Visa usa CVV, a Mastercard usa CVC e a American Express chama de CID. Os três cumprem a mesma função: verificar que o titular tem o cartão físico em mãos.

O que significa CVV2?

CVV2 se refere à segunda geração do código de verificação do cartão, o número estático impresso na superfície do cartão. No uso cotidiano, CVV e CVV2 são termos intercambiáveis que designam o mesmo código de segurança impresso.

Os comerciantes podem armazenar meu CVV?

Não. O padrão PCI DSS proíbe os comerciantes de armazenar o CVV após a autorização de uma transação. Essa regra garante que, mesmo que os sistemas de um comerciante sejam comprometidos, os códigos de segurança dos cartões não estejam disponíveis para fraudadores.

Por que minha transação foi recusada por divergência de CVV?

Uma recusa por divergência de CVV significa que o código informado não corresponde ao registrado pelo emissor do cartão. Isso pode ocorrer por erro de digitação, cartão desgastado ou tentativa de uso de dados obtidos sem o cartão físico. Verificar e reinserir o código impresso geralmente resolve o problema.

Back

February 27, 2026

What Are CVV and CVC Codes? How Card Security Codes Protect Online Payments

Every time you enter your payment details to complete an online purchase, there is a small but critical number standing between your account and fraud. That number is the CVV, and most cardholders use it without fully understanding what it does or why it matters.

For merchants and payment operations teams, understanding how CVV and CVC codes work is just as important. These codes are a foundational layer of card-not-present security, directly affecting transaction approval rates, fraud exposure, and the reliability of your checkout flow.

This post explains what a CVV is, where it comes from, how it protects transactions, and what it means in practice for merchants managing online payments at scale, from checkout design to PCI compliance to recurring billing.

‍

What is a CVV or CVC code?

A CVV (Card Verification Value) is a 3- or 4-digit security code printed on a payment card that is used to verify the cardholder's physical possession of the card during online and phone transactions. CVC stands for Card Verification Code and refers to the exact same concept. The terminology differs by card network.

Visa calls it CVV. Mastercard uses CVC. American Express refers to it as CID (Card Identification Number) and places a 4-digit code on the front of the card rather than the back. Regardless of the label, the function is identical: it provides a layer of fraud protection that is separate from the card number itself.

The code is generated through a cryptographic process involving the card number, expiration date, and a secret key held by the card issuer. This means it cannot be derived mathematically from the card number alone, which is precisely what makes it useful as a security check.

‍

What is the difference between CVV, CVV2, and CVC2?

CVV2 and CVC2 refer to the second-generation version of the card verification code, the one printed on the physical card. The "2" was introduced to distinguish the static printed code from an earlier dynamic version that was encoded in the card's magnetic stripe.

In practice, when someone asks for your "CVV" or "CVV2" during an online checkout, they are referring to the same printed number. The distinction matters more at the technical and issuer level than for day-to-day use. CVV2 is the Visa nomenclature; CVC2 is Mastercard's. Both refer to the static security code on the card surface.

‍

Where is the CVV number located on a credit or debit card?

For Visa, Mastercard, and most other major card networks, the CVV is a 3-digit number printed on the back of the card, typically in or near the signature panel to the right of the card number.

For American Express cards, the code, called CID, is a 4-digit number printed on the front of the card, above and to the right of the card number.

One important detail: the CVV is printed, not embossed. It does not appear in the raised lettering used for the card number. This is intentional. Because it is not embossed, it cannot be captured by the old-style card imprint machines that were once common in retail, adding a layer of protection against older forms of fraud.

‍

How does a CVV code protect online payments?

The CVV protects against a specific and common category of fraud: card-not-present transactions where someone has obtained a card number but does not have the physical card.

When a cardholder submits a CVV during checkout, the payment processor sends it to the card issuer for verification. The issuer checks the code against its records. If it does not match, the transaction is declined. This step confirms that the person initiating the transaction likely has the physical card in their possession.

Critically, CVV codes are not supposed to be stored by merchants after a transaction is authorized. PCI DSS (Payment Card Industry Data Security Standard) explicitly prohibits the storage of CVV data post-authorization. This means that even if a merchant's database is compromised and card numbers are leaked, the CVV codes should not be there, rendering the stolen card numbers far less useful for committing fraud online.

For merchants, this creates a practical obligation: any payment infrastructure they use must handle CVV data in a way that is fully compliant with PCI DSS rules. Platforms that manage this correctly help merchants reduce their compliance scope and limit fraud liability. Understanding how payment orchestration supports PCI compliance is especially relevant for businesses processing high transaction volumes across multiple providers.

‍

Is it safe to enter your CVV online?

Entering a CVV on a legitimate, secure website is safe. The key conditions are that the website uses HTTPS (encrypted connection) and that the merchant is PCI DSS compliant.

Where cardholders face risk is in phishing scenarios: fraudulent websites or emails designed to look like legitimate merchants and capture card details including the CVV. Because the CVV was never meant to protect against social engineering, only against database breaches of card numbers, it remains effective as long as cardholders are submitting it to trusted sources.

For merchants, the responsibility is to create a checkout environment that cardholders can trust. That includes using secure payment forms, avoiding redirects to suspicious pages, and ensuring that the CVV field is never logged or retained after authorization. A well-structured checkout that communicates security clearly also reduces checkout abandonment driven by user hesitation.

‍

What happens when the CVV does not match?

When the CVV submitted during a transaction does not match the value on file with the card issuer, the issuer returns a CVV mismatch response code. In most cases, the transaction is declined.

This outcome protects the cardholder from unauthorized use, but it also creates friction for legitimate customers who may have misread the code, entered it into the wrong field, or are using a worn card where the printed number is no longer legible. For merchants, CVV declines are a real source of revenue loss, particularly when they occur at scale.

Understanding how to interpret and act on decline reason codes is part of effective payment operations. Merchants who route transactions intelligently and monitor authorization response codes can identify whether CVV mismatches represent fraud attempts or fixable friction in the checkout flow. A smart routing strategy helps separate these signals and respond accordingly.

‍

Does a CVV expire or change?

The printed CVV on a physical card does not change during the card's validity period. When a card is reissued, whether because it expired, was reported lost or stolen, or was replaced due to a security incident, the new card receives a new CVV.

This is an important detail for merchants managing recurring billing. Stored card credentials used for subscriptions or repeat charges do not include the CVV, because storing it is prohibited under PCI DSS. As a result, recurring transactions are typically processed without CVV verification after the initial authorized transaction. Card issuers accommodate this through a separate set of rules for merchant-initiated transactions, but it means recurring billing setups require careful integration with card vaulting and tokenization to manage credentials securely without retaining sensitive verification data.

‍

How do merchants handle CVV in a payment stack?

Merchants do not directly store or process CVV data. That responsibility falls to PCI-compliant payment processors and gateways. When a card form is rendered at checkout, the CVV field is typically handled by a secure tokenization layer that captures the data, transmits it encrypted to the processor, and ensures it never touches the merchant's own servers.

This architecture is deliberate. By keeping CVV data out of the merchant's environment, the merchant reduces its PCI DSS compliance scope significantly. It also limits exposure in the event of a system breach.

For operations teams running payment stacks across multiple providers and geographies, visibility into how CVV checks are being handled, and how CVV-related declines are trending, is an essential part of authorization rate optimization. Connecting that data across processors through a single layer gives payments teams the insight they need to act on it quickly.

Frequently asked questions

More from the Blog

No items found.

More from the Blog

September 13, 2024

History of Digital Payments

Discover the fascinating journey of digital payments from the 1960s to today's cutting-edge technologies. Explore how innovations like PayPal, mobile wallets, and super apps are revolutionizing commerce and steering us toward a cashless society.

YUNO TEAM

September 11, 2024

Enhancing economic resilience through digital payment innovations

As economies face challenges, the integration of contactless payments, mobile wallets, and online banking provides the transparency and security needed to promote stability. Learn how Yuno’s cutting-edge solutions can drive your business towards growth and security in today’s evolving digital landscape.

YUNO TEAM

January 23, 2026

How to Add New Payment Methods Without Backend Refactors or PCI Scope Expansion

Learn how to add new payment methods without backend refactors or expanding PCI scope. Explore tokenization, hosted fields, and orchestration.

YUNO TEAM

BOOK A DEMO

Talk with one of our payment experts

Explore how Yuno's innovative payment orchestration solutions can help you increase approval rates, reduce costs, seamlessly integrate over 1,000 global and local payment methods, and simplify payment management.

Link Copied!

The link has been successfully copied to your clipboard.

PRODUCT

Stablecoins

Chargeback Management

RESOURCES

API Documentation Guides Blog eBooks Success Stories Product Updates Book a Demo Dashboard Log in See it in Action Yuno vs. Primer Yuno vs. Payrails Yuno vs. Gr4vy Yuno vs. Spreedly Yuno vs. Ixopay

COMPANY

About us Careers Trust & Security Integrations Brand Guidelines Newsroom Yuno Status Privacy Terms & Conditions (Merchants)Terms & Conditions (Partners)

COVERAGE

North America

LATAM

Europe

Middle East

Africa

APAC

Yuno is proudly certified to the highest industry standards, ensuring that data is handled with the utmost security and compliance. Its certifications include ISO 27001 and ISO 27701 for information security and privacy management, GDPR compliance for data protection, PCI DSS for secure payment processing, SOC 2 Type 2 for service organization controls, and recognition as a Visa Service provider. These certifications demonstrate Yuno's commitment to delivering trusted and secure services for businesses worldwide.

Copy logo as SVG

Copy mark as SVG

Download brand assets

Visit Brand Guidelines

The playbook fot the next era of payments.