Activate a CardApply for a CardStore Credit CardsMake a PaymentContact UsAbout Us

What Is the CVV Code on a Credit Card?

You've probably been asked for it dozens of times — when shopping online, booking travel, or setting up a subscription. That three- or four-digit number on your card is your CVV code, and it plays a surprisingly important role in keeping your transactions secure. Here's exactly what it is, where to find it, and why it matters.

What CVV Stands For

CVV stands for Card Verification Value. Depending on the card network, you might also see it called:

  • CVC (Card Verification Code) — used by Mastercard
  • CVV2 / CVC2 — updated versions with stronger encryption
  • CID (Card Identification Number) — used by American Express and Discover

Despite the different names, they all serve the same purpose: verifying that the person making a transaction physically has the card, or at least has access to information printed on it.

Where to Find Your CVV Code

The location depends on which network issued your card:

Card NetworkCVV LocationNumber of Digits
VisaBack of card, right of signature strip3
MastercardBack of card, right of signature strip3
DiscoverBack of card, right of signature strip3
American ExpressFront of card, above the card number4

On Visa, Mastercard, and Discover cards, you'll typically see a full card number or the last four digits printed, followed by a separate three-digit code. That separate code is your CVV. On Amex cards, it's a four-digit number printed on the front, usually above and to the right of the embossed card number.

Why the CVV Exists 🔐

When you swipe or tap a card in person, the card's magnetic stripe or chip transmits encrypted data to verify the transaction. But online and phone purchases can't read that physical data — so merchants need another way to confirm you're not just using a stolen card number.

That's exactly what the CVV solves. Because the CVV is not stored on the magnetic stripe and is not embedded in the chip, it can't be captured in most data breaches that target stored card numbers. A thief who steals a list of 16-digit card numbers from a compromised database typically won't have the CVVs to go with them.

This is why nearly every online merchant requires it at checkout.

What the CVV Does Not Protect Against

The CVV is a useful layer of security, but it has real limits:

  • It doesn't protect against full card data theft. If your physical card is stolen, the CVV is right there with it.
  • It doesn't stop phishing. If you're tricked into entering your full card details on a fraudulent site, the CVV goes along with everything else.
  • It doesn't authenticate your identity. Merchants can't verify that you entered it — only that someone with the card (or its details) did.
  • It expires with the card. When you get a replacement card, even for the same account, the new card will have a different CVV.

Can Merchants Store Your CVV?

No — and this is an important detail. Under PCI DSS (Payment Card Industry Data Security Standard) rules, merchants are explicitly prohibited from storing CVV codes after a transaction is authorized. If a retailer asks you to store a card on file for future purchases, they are not allowed to keep the CVV alongside it.

This is why you're often asked to re-enter your CVV even when a site already has your card number saved. That's not a bug — it's a deliberate security requirement. ✅

Dynamic CVVs: A Newer Development

Some card issuers have introduced dynamic CVVs — codes that change periodically (sometimes every 30–60 minutes), displayed on a small e-ink screen embedded in the card itself. The idea is that even if someone captures your CVV during a transaction, it will be useless shortly after.

This technology is still relatively uncommon but is slowly expanding, particularly among security-focused card programs. It reflects an ongoing push to make card-not-present fraud harder to execute.

Virtual Cards and CVVs

Many issuers now offer virtual card numbers for online shopping. These are temporary card numbers — with their own CVVs — generated specifically for a single merchant or a limited time window. Even if the virtual card details are compromised, they can't be used elsewhere or after they expire.

Whether this feature is available to you depends entirely on your issuer and the specific card you carry.

How CVV Codes Are Generated

CVVs aren't random numbers — they're calculated using an algorithm that factors in your card number, expiration date, and a secret key held by the card issuer. This means:

  • You cannot calculate your own CVV
  • The CVV changes when your card is reissued (new expiration date = new CVV)
  • Issuers can verify a CVV instantly when a transaction is submitted 🔢

This cryptographic backbone is what makes the CVV meaningful as a security measure rather than just a random extra digit.

When You're Asked for the CVV and When You're Not

Merchants aren't required to ask for a CVV — it's optional, though most choose to require it for card-not-present transactions. Some situations where you might not be asked:

  • Recurring billing — once a subscription is authorized, future charges typically don't re-verify the CVV
  • Tap-to-pay and chip transactions — the physical card handles authentication differently
  • Trusted stored cards — some platforms you've repeatedly used may waive it after initial verification

The decision about whether to require a CVV at each transaction sits with the merchant and their payment processor, not with you.

Your Card, Your Profile

Understanding what a CVV is and how it protects you is straightforward. What varies considerably from one cardholder to the next is everything built around that card — the credit limit behind it, the fraud protections your specific issuer offers, whether virtual card numbers are available to you, and how quickly suspicious activity gets flagged on your account. Those details aren't printed on the back of the card. They depend entirely on your card agreement and your issuer's policies.