CVV2 / CVC2 / CID definitions and security

Summary:

CVV2 / CVC2 / CID definitions and security

Solution:

A summary of the names of these security codes for the respective card types and their locations on the card are below:

• MasterCard – card validation code ("CVC2")
• Visa – card verification value ("CVV2")
• Discover – card identification number ("CID")
• American Express – "CID" or "unique card code"
• Debit Card – "CSC" or "card security code"

The card security code is typically the last three or four digits printed, not embossed like the card number, on the signature strip on the back of the card. On American Express cards, the card security code is the four digits printed (not embossed) on the front towards the right. The card security code is not encoded on the magnetic stripe but is printed flat.

• American Express cards have a four-digit code printed on the front side of the card above the number.
• MasterCard, Visa, Diners Club, Discover, and JCB credit and debit cards have a three-digit card security code. The code is the final group of numbers printed on the back signature panel of the card.
• New North American MasterCard and Visa cards feature the code in a separate panel to the right of the signature strip.This has been done to prevent overwriting of the numbers by signing the card.

CVV/CID data is not stored in the Counterpoint database for PCI reasons.  For payments made using a customer card on file payment, the CVV/CID data must be obtained from the customer or skipped. 

Note: For card not present transactions, there may be higher processing fees assessed by your processor if AVS/CVV/CID information is not requested from the customer.

To enable CVV: In Setup / Point of Sale / Devices, for the isc250 select CVV required for Manual Entry on Device. This behavior does not change when using an EMV payment terminal. 

When and where should AVS/CVV prompts appear? (NCR Secure Pay only) 

• Card on File using non-P2PE pinpad, AVS/CVV2 Enabled:
  • Required Encryption Level: Never Require P2PE
    
    • System allows user to see AVS and CVV prompts on Ticket Entry payment screen, and able to manually enter CVV and update default AVS data (depending on AVS settings under Store / Credit Card tab).
  • Required Encryption Level: Require P2PE when available
    
    • System allows user to see AVS and CVV prompts on Ticket Entry payment screen and able to manually enter CVV and update default AVS data (depending on AVS settings under Store / Credit Card tab).
      
  • Required Encryption Level: Always require P2PE
    
    • If no P2PE encrypted device is available, Device not encrypted error message will appear on log in.
      
    • System allows user to see AVS and CVV prompts on Ticket Entry payment screen and able to manually enter CVV and update default AVS data (depending on AVS settings under Store / Credit Card tab).
• Manual Card using non-P2PE pinpad, AVS/CVV2 Enabled:
  
  • Required Encryption Level: Never Require P2PE
    
    • Not available on non-encrypted Pin Pad.
  • Required Encryption Level: Require P2PE when available
    
    • Not available on non-encrypted Pin Pad.
  • Required Encryption Level: Always require P2PE
    
    • Not available on non-encrypted Pin Pad.
      
• Manual Card entry in Counterpoint using non-P2PE pinpad, AVS/CVV2 Enabled
  
  • Required Encryption Level: Never Require P2PE
    System allows user to see AVS and CVV prompts on TE payment and can manually enter CVV and update default AVS data   (depending on AVS settings under store/credit setup)
  • Required Encryption Level: Require P2PE when available
    • System allows user to see AVS and CVV prompts on TE payment and can manually enter CVV and update default AVS data   (depending on AVS settings under store/credit setup)
  • Required Encryption Level: Always require P2PE
    
    • N/A
      
      
• Card on File using P2PE pinpad, AVS/CVV2 Enabled, CVV required on device setup:Manual Card using P2PE pinpad, AVS/CVV2 Enabled, CVV required on device setup:
  • Required Encryption Level: Never Require P2PE / Always Require P2PE / Require P2PE when available
    
    • System allows user to see AVS and CVV prompts on Ticket Entry payment screen and able to manually enter CVV and update default AVS data (depending on AVS settings under Store / Credit Card tab).
      
      
• Required Encryption Level: Never Require P2PERequired Encryption Level: Require P2PE when available
  • System prompts for AVS data from Ticket Entry payment screen if AVS is required per setup in store/credit. CVV is prompted at pinpad.
• • System does not allow user to manually enter card  data  from Ticket Entry payment screen, only from encrypted pinpad.
  • System does prompt for AVS data from Ticket Entry payment screen if AVS is required per setup in Store / Credit Card tab.
• Required Encryption Level: Always require P2PE
• System does not allow user to manually enter card   data  from Ticket Entry payment screen, only from   encrypted pinpad.
• System does prompt for AVS data from Ticket Entry payment screen if AVS is required per setup in Store / Credit Card tab.
  
• Manual Card entry in Counterpoint, P2PE pinpad, AVS/CVV2 Enabled, CVV required on device setup:
  
  • Required Encryption Level: Never Require P2PE
    • System allows user to see AVS and CVV prompts on Ticket Entry payment screen and able to manually enter CVV and update default AVS data (depending on AVS settings under Store / Credit Card tab).
      
  • Required Encryption Level: Require P2PE when available
    • AVS/CVV and card data cannot be entered manually from Ticket Entry payment screen. 
  • Required Encryption Level: Always require P2PE
    
    • AVS/CVV and card data cannot be entered manually from Ticket Entry payment screen.

Article ID: 606
Created: October 13, 2014
Last Updated: February 9, 2017

Online URL: https://counterpoint.knowledgebase.co/article.php?id=606