Reducing Credit Card Fraud Without Increasing Cart Abandonment

One of the “quick wins” I recommend to retailers in improving their conversion rates by reducing cart abandonment is to explain what the credit card security code is, why it’s asked for and where to find it. We take it for granted that many people don’t know the “security code” or CVV2 (card verification value) asked for in the checkout process can be found on the backside of their credit cards. CVV2 is used to reduce fraud for card-not-present transactions. (Not all online retailers require the CVV2 so this tip only applies to retailers who do).

Often the checkout form looks like this, with no explanation of what the security code is, where to find it and why it is asked for:


I usually suggest using a link that says “What is this?” with more information in a mouseover. I recently spotted AT&T doing one better — showing exactly where to find the number using an image:


Remember that different cards have different CVV2 locations, so mention that.

This tactic could easily be saving AT&T millions in sales each year. Why don’t you try it?

Another reason customers may hesitate to provide the CVV2 code is the erroneous belief that they are actually risking their personal information more by providing the super-secret code. They feel like you’re not just asking for an email address but a password too!

Of course, the fact you’re asking for the CVV2 code is proof you value their security – you’re preventing anyone who’s stolen their card number from making a fraudulent purchase. But customers don’t see it that way. Reassure them that the CVV2 code is NOT stored in a database and is only used in card-not-present transactions for preventing fraud.

These 2 point-of-action assurances (showing the CVV2 visually and reassuring CVV2 is not stored in a database) should have a positive influence on your conversion rate if you are required to ask this information from customers.


Related Articles

24 Responses to “Reducing Credit Card Fraud Without Increasing Cart Abandonment”

  1. Jestep says:

    Something to question is whether to actually fail a transaction on a CVV mismatch. We’ve seen some gateways / processors that return CVV errors fairly frequently. The last thing you want to do is lose sales because you believe the CVV or AVS is not matching, when it actually is.

    If you do require CVV, which I also recommend, I highly suggest keeping a close eye on CVV errors and declines. Usually they come across as an error, or not available response, but I’ve also seen them marked as a mismatch.

  2. Hi Linda

    That’s a really good idea. Thanks.

    Some of our clients are sometimes constrained in what they can achieve on the payment screens but where possible we’ll try using this.

    Do you know if there are any stats on the reduction in checkout abandonment?

    David Sealey

  3. CVV is really a requirement of good card risk management, the banks have a lot to answer for in declines on AVS and CV2, they talk up their desire to decrease fraud but show little interest in helping retailers prevent it!
    As we approach 2010, we have gone beyond the problems of conversions due to lack of understanding of CV2 and headlong into the issue of how to push customers through a 3D secure transaction.

  4. Also, a good addition to the AT&T way is to show the image only when the user’s mouse hover or when the user activates the CVV form field. This way you make the checkout seem more simple and uncluttered at first glance + you have to ability to also show some instructive text below the image.

    #Thomas; regarding 3D secure it have huge usability problems. Especially when the customer has to activate it for the first time – they often have to click thru as much as 3 extra screens (besides the normal checkout) of cryptic instructions.

  5. Jestep says:

    I have to agree on the 3D. We have a merchant processing about $2M per month, and their VBV, Secure code transactions were getting about 50% declined. Consumers have no idea what it is or they forget their PIN, and it simply kills conversions. I would not recommend being a pioneer of 3D until 90% of cardholders have it and know how to use it.

  6. Jestep says:

    I have to agree on the 3D. We have a merchant processing about $2M per month, and their VBV, Secure code transactions were getting about 50% declined. Consumers have no idea what it is or they forget their PIN, and it simply kills conversions. I would not recommend being a pioneer of 3D until 90% of cardholders have it and know how to use it.
    Oops…forgot to say great post! Looking forward to your next one.

  7. It is simply not a case of being a ‘pioneer’ of 3D secure anymore. It is now a stipulation of our contract with our merchant. If you are as big as Amazon you can probably get away with not implementing this but certainly in the UK, retailers are not being given a huge amount of choice. It would seem that the best way to deal with this is to ensure the process is explained to customers at the checkout. Tesco UK is probably one of the better examples of how to execute this and is a model we will look at for our implementation which has been thrust upon us.

  8. simon says:

    3D secure initiative now sending regular notifications to UK online traders warning of fines for companies that do no comply. I believe no company yet has been fined, but this suggests 3D will become standard in UK. The concern is of course that most shoppers will not register a password or indeed know their password.

  9. Here’s a thought: ask for the information in the same sequence it appears on the credit card:

    long number
    expiry date
    cardholder name
    3-digit code on back

    then you could even have a picture with some arrows showing which bit goes where…

    Got to be worth a split test against whatever jumbled-up sequence you use right now.

  10. Simon says:

    Here I got the information that I am searching since few days. Thanks for you post. It is helpful.

  11. Unfortunatley professional fraudsters can and do obtain CVV codes of card holders. Additionally, even a clear description of what the CVV is and where it’s located does not provide many consumers with an added level of comfort in providing the information.

  12. [...] more from the original source: Reducing Credit Card Fraud Without Increasing Cart Abandonment Subscribe to the comments for this post?Share this on FacebookTweet This!Share this on [...]

  13. Curt Burgess says:

    No one has ever proved to me that CCV2 does anything but keep good customers from checking out. With all the fishing sites out there, CVV2 checks don’t do much (or so I’ve heard). Does anyone have any data to the contrary? I keep hearing banks say we should have it, but I have yet to see a conclusive study that it works as intended.

  14. Mike Rourke says:

    Why is the CVV2 needed when paying a bill (in my name and address) “over the phone” with a Visa CC “in my name”?
    I will provide cvv2 on verified, secure, and trusted sites BUT will absolutely NOT provide in “over the phone” transactions with a CSR present. Is the CSR “verified, secure, and trusted”? Many times I’ve had to resort to a bank check to pay a bill because of this requirement. For example, I tried to pay a doctor bill in my name over the phone with their CSR. I provided the name as appeared on the CC (my name), Visa CC number and expiry date. She asked for the CC billing address. She then asked for the CVV2. I refused. There are a few points to make here: 1) I’m a patient of the doctor, have a history of payments, in my name, and my address on record, and 2) the doctor’s office uses an out of state billing company to transact payments, and 3) why should I trust them? In contrast, what about those invoices asking to pay by CC by postal mail? They provide a space for CC number, expiry date, a signature block, but do NOT request a CVV2 number or even a matching billing address for the CC. Can someone please explain to me the need to provide the CVV2 for “over the phone” transactions when the bill/invoice is clearly for the same person holding the CC?
    Thanks, Mike Rourke.

    • Hi Mike,

      The CVV2 is designed to protect you in card-not-present transactions. They ask to make sure you have the card number in your hand, and you didn’t steal the card number or hack into a system to get it. It’s actually more secure to do an online transaction because the CVV is not stored by the merchant or payment gateway and can’t be hacked in the future. On the phone, you are providing this info to a rep who could just write down your number and use it later. I would not give my CVV over the phone, but that’s my personal choice. I have no issue with providing it online.

      That being said, from the merchant perspective it reduces its liability for fraud by asking for it, and protects cardholders from their cards being fraudulently charged. It’s supposed to be win-win. However, not all merchants ask for this number, one of the reasons being it increases cart abandonment.

      Regarding your doctor’s bill, while this is not an ecommerce scenario, while the bill is in your name the card for payment is not required to also be in your name. Therefore, the system is not programmed to parse out cards that match a billing name with cardholder name. These are completely separate systems, and it would be too much IT work for a doctor’s office to sync these systems.

      Hope that answers your question.

  15. [...] you have elastic credit? If you don’t have it, you can make the elastic credit for your life. What is the advantage of [...]

  16. [...] solve it without this thing. How can you hold the money although you do not have enough saving? Elastic credit can be used. It is different with the traditional loans institution because you will not wait the [...]

  17. [...] are more frequent, and sometimes we find it hard to make ends meet, thus this is where having an Elastic credit can help us! With an elastic credit, we make emergency cash loans to cover sudden and unexpected [...]

  18. [...] related problem in their life. That is why we need to get help from reputable company such as from Elastic credit. Have you heard about this term before? If you don’t know anything about elastic you should [...]

  19. [...] screens are not the only place your visitors may be experiencing frustrating errors. Make sure you explain what the CVV is if you use ask for it, and explaining what format you require for telephone numbers, postal codes [...]

  20. [...] Like AVS, CVV (or CVC) is an ambiguous acronym. Make sure you explain it. [...]

  21. Bill says:

    Someone recently started making fraudulent charges with my Chase Debit Visa card. The bank happily credited several charges to my account but I was responsible for the charges made with a stolen CVV code! This makes me incredibly hesitant to provide the CVV.

Leave a Reply

© 2014 Get Elastic Ecommerce Blog. All rights reserved. Site Admin · Entries RSS · Comments RSS