Validation Code: What it is, How it Works, Example

What Is a Validation Code?

A validation code—also known as a CVV, CV2, or CVV2 code—is a series of three or four numbers located on the front or back of a credit card. It is intended to provide an additional layer of security for credit card transactions that take place online or over the phone.

Most credit card issuers place their validation codes on the back of the card, on the far-right side of the signature panel. On American Express (AXP) cards, however, the validation code is printed on the front of the card.

Key Takeaways

  • A validation code is one of the security measures deployed to reduce credit card fraud.
  • It consists of a three or four-letter code printed on the front or back of a credit card.
  • According to the latest Nilson Report, instances of credit card fraud have continued to rise, reaching nearly $29 billion in 2019 and projected to rise to around $38 billion by 2027, with the United States accounting for a significant portion of the most, recently reported losses, at nearly 34%.

How Validation Codes Work

As online shopping continues to grow in popularity, the threat of identity theft and other forms of credit card fraud has become increasingly severe. One measure taken to try to mitigate this risk is the use of validation codes when making credit card purchases.

In a typical transaction, a customer will be asked to provide their name, billing address, card number, expiration date, and validation code. Although many of these details, such as the name and address, could be obtained from other sources, the card number, expiration date, and validation code can theoretically only be obtained from possessing the card itself. As an added measure, the validation code is generally printed on the back of the card, making it more difficult for would-be thieves to glean all the necessary information from a single photograph of the credit card.

To process the credit card transaction and verify the identity of the user, the entered CVV is compared against the card number.

To further enhance these security measures, consumer protection laws prevent merchants from storing customers’ validation codes after a purchase has been made—although unscrupulous sellers may still record this information illegally. An additional measure of protection is provided by the personal identification numbers (PINs) that cardholders must enter when making payments using point-of-sale (POS) terminals.

Real-World Example of a Validation Code

Although security measures such as the validation code raise the difficulty of committing identity theft or making purchases using a stolen credit card, they are unlikely to deter a sufficiently motivated thief. In practice, credit card fraud has continued to climb in recent years, surpassing 393,207 reported cases in 2020. The United States is by far the most acutely affected country, representing nearly 34% of global cases.

Merchants are not allowed to store card security codes after a customer makes a purchase, which provides extra protection against credit card theft. Still, validation codes can be stolen, and cardholders should protect their card’s validation code just as they would protect the card number and expiration date. The validation code is a key piece of data that can enable thieves to make fraudulent transactions with someone else’s card.

However, if a thief does use a stolen card, the cardholder's liability is limited to $50 under the Fair Credit Billing Act (FCBA), depending on when the theft is reported. Customers who realize their card is missing, or detect suspicious or unauthorized purchases or other activity, should contact their credit card issuer immediately to report the problem and alert them to a possible case of fraud. The card issuer can then cancel or deactivate the card.

Article Sources
Investopedia requires writers to use primary sources to support their work. These include white papers, government data, original reporting, and interviews with industry experts. We also reference original research from other reputable publishers where appropriate. You can learn more about the standards we follow in producing accurate, unbiased content in our editorial policy.
  1. American Express. "Many Kinds of Cards. One Kind of Membership." Accessed March 15, 2021.

  2. Nilson Report. "Card Fraud Losses Reach $28.65 Billion." Accessed Mar. 15, 2021.

  3. Federal Trade Commission. "Consumer Sentinel Network Data Book 2020," Page 8. Accessed March 15, 2021.

  4. Federal Trade Commission. "Disputing Credit Card Charges." Accessed March 15, 2021.

Open a New Bank Account
×
The offers that appear in this table are from partnerships from which Investopedia receives compensation. This compensation may impact how and where listings appear. Investopedia does not include all offers available in the marketplace.
Part of the Series
Credit Card Security