Verified by Visa (VbV)

and CVV2 (Card Verification Value 2)

Visa strongly recommends that any merchants implementing VbV should continue
to deploy CVV2 - as this results in the greatest possible protection from fraud and
fraud-related chargebacks.
Background
To increase security and reduce their operating costs, Consequently, Visa strongly recommends that any
e-commerce merchants have the option of merchants implementing VbV should continue to deploy
implementing Verified by Visa (VbV) and Card CVV2 - as this results in the greatest possible protection
Verification Value 2 (CVV2). from fraud and fraud-related chargebacks.
These global verification tools reduce fraud Any e-commerce merchants that are not yet ready to
and chargebacks. deploy VbV are recommended to capture and transmit
CVV2 data.
To offer maximum security, both techniques should be
used in combination.
Verified by Visa (VbV) and CVV2 (Card Verification Value 2)
What is VbV?
VbV enables issuing banks to authenticate the identity
of any cardholders enrolled in the service when making
transactions over the Internet.
VbV allows authentication of the cardholder at the time of
purchase and consequently reduces the risk of fraud and
helps to eliminate costs related to fraudulent transactions.
For the merchants, VbV offers protection against
fraudulent chargebacks even when the cardholder and/or
the issuing bank are not participating.
What is CVV2?
CVV2 is a three-digit security number imprinted on the
signature panel of Visa cards, and helps validate that
the customer has a genuine card in their possession.
CVV2 is required on all Visa cards. It is printed on the
upper right portion of the signature panel and follows
the last four digits of the Primary Account Number (the
entire Primary Account Number may or may not
appear). CVV2 provides a cryptographic check of the
information embossed on the card.
How is CVV2 beneficial in an
E-commerce environment?
Visa and the issuing banks provide a real-time check of
the CVV2 code. This helps the E-commerce merchants
verify that the person making the purchase actually has
a genuine card in their possession.
If a purchaser only has the 16-digit credit card number
and the expiry date, they may not have the card,
highlighting a potentially fraudulent transaction. CVV2
is not a full identification of the cardholder but it does
present a significant barrier to the most common types
of E-commerce fraud. The CVV2 can also help prevent
fraud attacks using large-scale generation of card
numbers.
Merchants implementing CVV2 have seen reductions in
fraud losses of up to 70 per cent. A real example of
fraud losses for a Merchant that implemented CVV2 in
July 2003 is illustrated below:
Merchant A
Fraud Loss
70,000
60,000
50,000
40,000
30,000
20,000
10,000
0
J
u
l

0
3

A
u
g

0
3

S
e
p

0
3

O
c
t

0
3

N
o
v

0
3

D
e
c

0
3

J
a
n

0
4

F
e
b

0
4

M
a
r

0
4

A
p
r

0
4

M
a
y

0
4

J
u
n

0
4

Further information
For information security purposes all merchants are
prohibited from storing the CVV2 data.
For further information, merchants should contact their
acquiring bank or visit www.visaeurope.com.
2005 Visa Europe
EU03-0242-E-0905-BD-SO