Is a CVV number required?

Fraud is always an issue with online purchases, and asking for a CVV number is one method of curbing fraudulent credit card use. It is also one extra field for users to fill out. So does the extra hassle affect conversion rates? Apparently it does: overall, conversion rates were a full 40% higher where retailers did not require a CVV number.
If this is a solid finding, retailers must balance the trade-off between fraud prevention and ease of use for legitimate purchasers.
55% of Top 100 retailers require shoppers to give a CVV number during the checkout process.

Comments (9)

By Visa and MasterCard regulations, CVV is required with every non-recurring internet transaction. Funny that more than half the websites being tested don’t even use it…
Are you referring to PCI compliance? I wonder if they have tested the effect of requiring the CVV input versus conversion rate. Maybe penalties for non-compliance are less than the impact it has on conversions?
Just to clarify this, Visa and MasterCard recommend that all Internet and MOTO transactions include the card code when a transaction is processed. Many processors, especially when it comes to smaller online businesses, require that the card code be included with a transaction on non-recurring Internet and MOTO transactions. There isn’t any system in place with either group to actually force businesses to use card code verification, so in the end it is still up to the business itself whether they want to use it or not.
Once a security feature was given away online, you cannot consider this feature as secure anymore.
Very dumb to not require CVV. Even though conversion rates are reduced, so are chargeback rates… ;-)
I think consumers may not trust sites that ask for CVV because if you have that data on file, you can use the credit card anywhere. Do you trust every online retailer’s online security that no one will EVER have access to that information? Ironically, the CVV is there to protect you, but it’s a dangerous piece of information to give up.
But it’s part and parcel of transacting online.
Can someone clarify for me: The PCI Data Security Standards state that the CVV number is not to be stored “subsequent to authorization”.
Does this imply that authorization must be done immediately, or does it mean that if I take 48 hours to complete authorization or authentication, that I could store until then?
This question is the reason I’m hesitant to ask for the CVV code.
Linda,
It’s illegal for merchants to store CVV data.
I think there are a few things here that need to be clarified. First, it is a breach of the PCI DSS (payment card industry data security standards) to store the CVV data at any point. If you were looking to perform the transaction 48 hours later as Bruce asked, you would need to do an authorization right away, followed by a capture of the funds at the later date.
Including the CVV is NOT required but is recommended by Visa and MasterCard. The merchant’s processor can also have a say in whether the transactions can even be performed without the CVV being sent.
One thing that wasn’t brought up by anyone but I think is an important factor to consider is that card issuers (that is, your local bank of choice giving you your credit card) also have a say in whether they want their credit cards to be used online without the card verification value (CVV). Therefore, merchants not giving the option of entering a CVV are potentially removing the ability from some of their customers to purchase from them.
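
The authorize-now, capture-later flow described in the last comment, sketched as an added example that is not part of the original post or its comments. `FakeGateway`, `checkout` and `capture_later` are hypothetical names standing in for a real processor API, and the card data used with them is constructed.

```python
import secrets
from dataclasses import dataclass


class FakeGateway:
    """Hypothetical stand-in for a payment processor; not a real API."""
    def __init__(self):
        self._auths = {}

    def authorize(self, pan, expiry, cvv, amount_cents):
        # A real issuer verifies the code; this stub only checks its shape.
        if not (cvv.isdigit() and len(cvv) in (3, 4)):
            raise ValueError("card code rejected")
        auth_id = secrets.token_hex(8)
        self._auths[auth_id] = amount_cents
        return auth_id

    def capture(self, auth_id):
        # Capture references the earlier authorization; no card code is sent.
        return self._auths.pop(auth_id)


@dataclass
class Order:
    order_id: str
    amount_cents: int
    auth_id: str
    captured: bool = False


ORDERS = {}  # stands in for the merchant's order database


def checkout(gateway, order_id, pan, expiry, cvv, amount_cents):
    """Authorize right away and persist only the authorization reference."""
    auth_id = gateway.authorize(pan, expiry, cvv, amount_cents)
    ORDERS[order_id] = Order(order_id, amount_cents, auth_id)
    return ORDERS[order_id]  # pan, expiry and cvv were never written to ORDERS


def capture_later(gateway, order_id):
    """Run when the order is fulfilled, e.g. 48 hours after checkout."""
    order = ORDERS[order_id]
    amount = gateway.capture(order.auth_id)
    order.captured = True
    return amount
```

The stored order record has no field that could hold the card code, so the delayed capture depends only on the authorization reference.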