
Tuesday, November 25, 2008

CVV2 Processing in Card-not-Present Transactions

Card Verification Value 2 (CVV2) is a three-digit number located on the back of every Visa credit and debit card, to the right of the signature panel. It is used by MO/TO and eCommerce merchants to verify that the customer is in physical possession of the card at the time of the payment. When processing CVV2 requests in card-not-present transactions, merchants should follow these best practices:
  • The CVV2 verification process begins with the merchant asking the customer to provide the last three digits in or next to the signature panel on the back of the Visa card.
  • If the customer provides the requested numeric code, it should be included with the account number and the expiration date when the transaction is submitted for authorization. Whether the CVV2 is included in the authorization request or not, one of the following CVV2 presence indicators should be included in the authorization request:

    | Indicator | Meaning |
    |-----------|---------|
    | 0 | CVV2 is not included in authorization request. |
    | 1 | CVV2 is included in authorization request. |
    | 2 | Cardholder has stated that CVV2 is illegible. |
    | 9 | Cardholder has stated that CVV2 is not on the card. |
  • Merchants will receive a CVV2 result code from the card issuer, along with the transaction authorization. Evaluate the code and take it into account when deciding how to proceed with the transaction. You will receive one of the following result codes:

    | CVV2 Result Code | Recommended Action |
    |------------------|--------------------|
    | M - Match | Complete the transaction, taking into account all other transaction characteristics and verification data. |
    | N - No match | This is a sign of potential fraud which should be taken into account along with the authorization response and any other verification data. You may also want to resubmit the CVV2 with a zero-dollar authorization request to rule out the possibility of a key-entry error. |
    | P - CVV2 request not processed | Resubmit the authorization request. |
    | S - Cardholder reports that CVV2 is not on the card | Follow up with the customer to verify that the correct card location has been checked for CVV2. |
    | U - Issuer does not support CVV2 | Evaluate all available information and decide whether to proceed with the transaction or to investigate further. |
Be advised that for security reasons CVV2 can never be stored as a part of order information or customer data. Merchants who do store CVV2 may be assessed substantial fines.
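The flow above, sketched as an added Python example (not code from the original post or from any payment gateway): it sets the presence indicator, maps the issuer's result code to a follow-up action, and builds an order record that never carries the CVV2. The field names, action labels, the handling of unrecognised codes and the last-four truncation are assumptions of this example.

```python
import re

# Indicator and result-code values are the ones listed in the post above.
PRESENCE = {"absent": "0", "present": "1", "illegible": "2", "not_on_card": "9"}
ACTIONS = {
    "M": "complete",          # match
    "N": "review_for_fraud",  # no match: possible fraud or key-entry error
    "P": "resubmit",          # CVV2 request not processed
    "S": "ask_customer",      # cardholder reports CVV2 is not on the card
    "U": "evaluate",          # issuer does not support CVV2
}

def build_auth_request(account_number, expiry, cvv2=None, cardholder_says=None):
    """Build authorization fields (hypothetical names); always set an indicator."""
    request = {"account_number": account_number, "expiry": expiry}
    if cvv2 is not None:
        if not re.fullmatch(r"[0-9]{3}", cvv2):
            raise ValueError("CVV2 must be exactly three digits")
        request["cvv2"] = cvv2
        request["cvv2_presence"] = PRESENCE["present"]
    elif cardholder_says in ("illegible", "not_on_card"):
        request["cvv2_presence"] = PRESENCE[cardholder_says]
    else:
        request["cvv2_presence"] = PRESENCE["absent"]
    return request

def next_step(result_code):
    """Map the issuer's CVV2 result code to a follow-up action."""
    # Assumption of this example: an unrecognised code goes to manual evaluation.
    return ACTIONS.get(result_code, "evaluate")

def order_record(order_id, request, result_code):
    """Fields to persist with the order: the CVV2 value itself is never copied."""
    return {
        "order_id": order_id,
        # Assumption of this example: keep only the last four account digits.
        "account_last4": request["account_number"][-4:],
        "cvv2_presence": request["cvv2_presence"],
        "cvv2_result": result_code,
        "next_step": next_step(result_code),
    }

if __name__ == "__main__":
    # Constructed sample data (a test account number, not a real card).
    req = build_auth_request("4111111111111111", "1210", cvv2="123")
    print(order_record("A-1001", req, "N"))
```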