Bank cards seem simple enough. They’ve got your name, your signature, card number, the expiration date, and something called the CVV (or CVC) code. Before you make another purchase online, learn what your CVV number means, why it’s important, and how you can protect your money by keeping your CVV secret.
CVV code stands for card verification value, or card verification code (CVC). It’s a 3-4 digit number written on your credit or debit card. The CVV number is used as an extra layer of security to prevent anyone who knows your card number from making purchases online in your name.
You can find the CVV code either on the back of the card (Visa, Mastercard), or the front (American Express).
Here’s something you may not know. While you can see one CVV code on your card, a second one is embedded into the magnetic strip of your card. Because of this code, when you swipe your card in a supermarket, you don’t need to enter the CVV code written on your card.
Card security measures help bring down physical card scams, but online scams are booming because so much credit card data is involved in data leaks. For example, hackers often get their hands on credit card numbers, the holder’s name, and the expiration date because merchants store your credit card information in their databases. That’s pretty bad. But the risks of leaked credit card scams are much lower because of CVV codes. Online merchants can’t store this data, so it’s usually not exposed in the case of a data breach. If you keep your CVV number secret, you’re much more likely to stay safe even if your credit card data is exposed.
CVV scams happen daily. However, most are too small to be picked up by the media. When they are, they affect many thousands of people. For example, in 2018, a consortium of cybercriminals called “MageCart” inserted malicious code into the payment pages of thousands of websites, stealing payment information of hundreds of thousands of unsuspecting customers.
More recently, the UK police have warned anyone using ATMs to be extremely careful because a new attack can drain people’s accounts in seconds. Scammers across the UK are installing discreet card-reading devices on top of ATMs. If the person inserts their card into the ATM, their data is sent to the hacker, who tries to spend the victim’s money as soon as possible.
Here are a few rules that help you keep your CVV code safe:
Since they are much harder to get, CVV codes often are a target for online scammers. Here are a few examples of CVV code scams:
The most common scam is phishing. It can take many forms, from targeting anyone you can catch to being designed to target one specific person. Since email is cheap to send, this scam doesn’t even need to work often for criminals to keep using it.
In the case of a CVV, phishing emails usually contain an urgent message from a bank, citing problems with your account and the possibility of you losing your money. Scammers then leave a link to a fake website, hoping you will think it’s real and enter your banking information and credit card data.
Today, various AI-powered tools allow scammers to create copycat websites more easily than ever before. Scam websites can look indistinguishable from real ones, the only difference being the URL. But people rarely pay attention to the address bar, which makes this scam so dangerous.
For example, a scammer can make a fake banking website and try to trick people into entering their emails, passwords, credit card, and personal information.
Social engineering is a tactic where, by using psychology and elaborate stories, the scammer tries to trick their victim into giving up key information. Social engineering attacks can be used as a stepping stone for a larger goal or be the goal itself and may include different desired outcomes such as getting into a secure area, finding out the name of a client, or tricking someone into revealing their CVV number.
For example, you may receive a call from your bank. They explain that there is a problem with your account and they need your credit card information to check it. The best course of action is to hang up and call your bank yourself.
Skimming is an attack where the scammer uses a small hacking device that can capture your credit card information. While skimming is a physical threat, web skimming can be performed by injecting malicious code into a website.
If you suspect that someone knows your CVV code, you should act immediately. Here’s what you should do to protect yourself:
By taking these steps, you can protect your account and limit the damage CVV code theft can cause. And remember to keep your sensitive information secure, no matter whether you’re shopping in your local corner shop or browsing online.
Want to read more like this?
Get the latest news and tips from NordVPN.
We value your privacy