Why do some online payment processors require the CVV code and others don’t?

1.20K views

Why do some online payment processors require the CVV code and others don’t?

In: Technology

5 Answers

Anonymous 0 Comments

Two main reasons.

You can process a payment without a CVV but there’s a higher degree of fraud. Bigger companies may accept that risk because it’s still a small percentage of their overall payments. Smaller companies like mom and pop stores will suffer badly with a fraud payment so they absolutely need the CVV.

Also some nasty websites will store the CVV after the first time you use it, and provide it automatically. However this is a MASSIVE risk and they may get shut down or fined over it. There’s an entire audit process called PCI around this.

Anonymous 0 Comments

The card processing companies charge different rates based on how they got the card info. The more information provided with the transaction the lower the rate.

For instance, you can process a payment based only off the number. But the processing companies will charge a higher percentage because of the risk of using someone else’s card.

Providing the full information found all over the card(front back) significantly reduces the risk that the card is being used fraudulently. So the processors will charge a lower rate.

These rates are not all that different, but 0.1% makes a big difference across thousands of transactions.

Anonymous 0 Comments

I’ve never found an online payment system in the UK that doesn’t require your CVV, and honestly I’d find it pretty shady if they didn’t.

Then I noticed when working at an airport, that a lot of our American customers weren’t used to signing for card payments or us actually checking the signature, so maybe the requirements on processing payments are just less stringent.

We also had to insist on chip and pin over swipe and sign if their card was able to go through via chip and pin (Although we still took contact less payments which seems to sort of eliminate the point of both chip and pin and swipe and sign.)

Edit: More accurate to say ‘non European’ than American, similar issues with customers from China, India etc.

Anonymous 0 Comments

Holy shit, just the other day I made an impulse buy on my break after getting a “flash sale” email from a website I use. The website has my payment info saved, but I had to enter my CVV and accidentally entered my debit card CVV instead. Realized it after the fact, but the transaction went through anyway. Made me a little wary.

Anonymous 0 Comments

Online credit card processing can be done in many different ways according to many different options. Strictly speaking, to bill a card, all you need is the number. All the other information is optional.

Credit card processing companies are in charge of collecting credit card processing fees, authenticating the card, and billing the credit card company.

Whenever a company wants to take credit cards, they negotiate and sign a contract with one of these companies. If the account holder follows more security protocols to process cards, they get a discount. So most places ask for CVV to save money.

So a contract can be drawn up to not require CVV codes. But there may also be technological reasons preventing adopting new security protocols. For example, a lot of stores don’t use chip readers, because they don’t want to pay to replace their credit card machines. Online, a company might not want to upgrade their computer software to support CVV codes, because it costs money.

Above someone asked why a company would not want the most strict security options to reduce risk.
An important point is that the fraud risk is not the merchant’s problem. The credit card company loses money if the transaction is fraudulent. The merchant gets paid no matter what. So the processor basically insures every purchase against fraud by including that cost in the processing fee.

The question is whether a lower processing fee offsets the cost of increased security measures. When you do the math, sometimes less security saves money.