Today, when commercial activities are widespread over the Internet, many facilities are offered for the use of bank cards, both credit and debit cards, but at the same time, it is necessary to provide a security framework for consumers. Hence, security measures such as CVV2 and CVC2 numbers have been implemented next to the signature panel code or security band where the holder’s signature is placed.
The progress of electronic commerce and the need for security codes CVV2 / CVC2
Electronic commerce has been extended in such a way that, according to the World Trade Organization, this medium is currently considered indispensable for the development of any company in the world.
These commercial activities have extended to all areas: between companies and governments (B2G), business to consumer (B2C), mobile electronic commerce and business to business (B2B)
Precisely the commercial transactions that have increased the most have been B2B, to the point that they currently represent 90% of electronic commerce and this has meant the daily movement of billions of dollars.
The remarkable number of financial transactions through the network and the astronomical sum behind them mean a huge temptation from there that banking companies have been in need of improving the security with which these transactions are carried out.
Precisely, one of the measures with which they have faced theft in the network through fraud with debit cards or credit cards has been with the incorporation of authentication mechanisms to these electronic banking instruments.
It is a security code that is printed on the back of the card and is normally required of the user each time they make a financial transaction online.
These three-digit security codes are known as CVC2 and CVV2 and the key to their use is that they require the user to have the card in their hand to view these numbers.
In these debit and credit cards, the location is on the back of it, while the composition of this security code corresponds to three digits. This is the case of MasterCard, Visa, Diners Club credit cards, among others.
In most of the cards the CVV2 / CVC2 are three digits, but in the case of the American Express credit cards it is four digits, nor is it found on the back in the signature panel code as in the majority but in the obverse, above the number.
However, recently in the MasterCard and Visa credit cards trying to avoid overwriting the numbers at the time of signing the card these three digits were located to the right of the signature space, in the signature panel code.
These changes in the location and composition of CVV2 / CVC2 prevents dishonest merchants or store employees from easily capturing the magnetic stripe data in these instruments and subsequently using them fraudulently.
In other words, we wanted to prevent malicious people with this data from making purchases online or phone purchases without having the card.
How much security do these security codes provide?
In the event that the card numbers are stolen, the option to request CVC2 and CVV2 prevents fraud.
This is due to the fact that the CVV2 / CVC2 are not stored in the database along with the other card data, this prevents them from being stolen as well.
The non-storage of these security codes in the terminals and payment gateways prevents employees, customer service and intruders from knowing this information.
In other words, personnel (whether authorized or malicious people) who enter the database cannot complete the card information necessary to carry out transactions.
This is a security procedure that has so far produced excellent results since it is legally supported by the Payment Card Industry Data Security Standard (PCI DSS), which also prohibits the authorization of subsequent transactions without the Use of this information.
Thanks to this implementation of security codes, e-commerce continues to expand and is projected as the predominant form of commercialization worldwide.