Web Hosting Talk : Web Hosting Main Forums : Ecommerce Hosting & Discussion : Do you Require CVV2?

[WebDevourer]

Hi folks,

I used to accept credit card transactions without requiring the 3 or 4 digits at the back of the card known as CVV2 or CVC or some other acronyms.

I didn't have much chargebacks but I wanted to increase the security of my site and I set my billing gateway to require CVV2. I noticed there are a lot of transactions that are rejected because the CVV2 does not match.

My question is: do you use the CVV2 or not? Is it worth it? Do you lose many sales because you require CVV2?

[ZacharyW]

I thought the CVV2 was required by most credit card processors, I doubt you will lose any sales due to the CVV2, and I would say for security it is more then worth it.

[WebDevourer]

The billing gateway I use sees it as an optional feature. You must take various steps to actually enable it. I never used it until today.

[Shikhir A]

Quote:

Originally Posted by WebDevourer

The billing gateway I use sees it as an optional feature. You must take various steps to actually enable it. I never used it until today.

That's very weird indeed..most processors require CCV2. I find it strange they don't.

Anyways, I would enable it now. CCV2 is very good because it provides another layer of protection.

If someone is afraid to use their CCV2, they don't have it or are fraud. Every credit card owner has a CCV2 on the back of their credit card.

Another reason is if the person has your Social Security number, they can look up your credit info (identity theft) and then pull from there the first 12 out of 16 digits on a credit card. The last 4 are easy to find because if they have a login of your hosting account, Google checkout account, etc. it's there (************1234) -> now they have all the "*" so they can use it. But credit reports don't include CCV2 and representatives cannot tell you CCV2 over the phone. So CCV2 prevents fraud somewhat

[blockdos-jon]

It doesnt do no good, I guess it all depends on your processor or offline terminal. I have had them fully verified phone and all, cvv2, etc. And all they have to do is sign one of those afidavits and your company wont even contest it.

[crazylane]

You can not store CCV's. If you do subscriptions, recurring billing, take installments from clients etc. you can store the CC for billing at a later date. PayPal's virtual terminal for one does not require the CCV.

[GCM]

They do help, but as per the agreements with the MasterCard/Visa/etc you can not store the code or risk having a large fine... I think WHMCS stored them at one time but that was changed.

[hycloud]

None of my processors require a CVV2 number.

Chase Paymentech, Bank of America, First Data.


Visa, MasterCard, Discover, and American Express has their own policies you have to abide by. They will all process the credit card transaction without the CVV2 number. However, they charge a higher discount rate and a higher transaction fee if you don't include the CVV2 number because it's consider higher risk without it.

Check to see if your fees are lower if you process credit cards with the CVV2 number.

Yes, my conversion rates go down when I required a CVV2 number. I only require it for Discover and American Express because their discount rates and fees are higher without it.

[wbacky]

my merchant account it is an optional feature and I do not really use it unless the billing system has it setup to pass over to the gateway.

[jstanden]

We used to check CVV2 on new orders as a precaution but we no longer require it. We can afford to do a bit more diligence per order (e.g. calling the cardholder) when selling software than many hosts could do on each $10/mo hosting order.

Occasionally we'll call a cardholder who has no idea what we're talking about and we void the order.

[everity]

It is not required for recurring transactions (since it is not stored), but if the customer is manually making a payment it is required.