CSC stands for Card Security Code, a three- or four-digit number printed on your credit card that helps verify you physically have the card when making online or phone purchases. The term CSC is most closely associated with American Express, but it’s also used as a general umbrella term for the security codes found on all major card networks.
Why Every Card Network Uses a Different Name
The security code on your card serves the same purpose regardless of the brand, but each network gave it a different name. Visa calls it a CVV (Card Verification Value). Mastercard uses CVC (Card Validation Code). JCB labels it CAV (Card Authentication Value). American Express officially calls it a CSC (Card Security Code), though Amex also uses the term CID (Card Identification Number). When a website asks for your “CSC,” “CVV,” “CVC,” or “security code,” they’re all asking for the same thing.
Where to Find It on Your Card
The location and length of the code depend on who issued your card. Most Visa, Mastercard, and Discover cards print a three-digit code on the back, typically near or on top of the signature panel. American Express cards work differently: the security code is four digits and printed on the front of the card.
If you use a digital card through your bank’s mobile app, the code appears in the app alongside your card number and expiration date. Some banks now generate dynamic security codes for digital cards, rotating to a new number every 12 to 24 hours. Your physical card still keeps its original printed code, so the dynamic version only adds protection for online transactions made through the app.
How the CSC Protects You
The CSC exists to fight fraud in situations where a merchant can’t physically inspect your card, like online checkouts or phone orders. Unlike your card number and expiration date, the CSC is not stored on the magnetic stripe or embedded in the chip. It’s not printed on receipts either. That means someone who skims your card at a terminal, intercepts a receipt, or steals your card number from a database still won’t have the security code.
When you enter your CSC during an online purchase, the merchant sends it to the card network for a one-time verification. The network confirms the code matches and sends back an approval or decline. After that single check, the merchant is prohibited from keeping it. The Payment Card Industry Data Security Standard (PCI DSS), the security framework that governs how businesses handle card data, explicitly bans storing the security code after a transaction is authorized, even in encrypted form. This rule ensures the code can’t be harvested in a data breach at a retailer.
When You’ll Be Asked for It
You’ll encounter CSC prompts most often during online shopping. Nearly every e-commerce checkout page includes a field for the three- or four-digit code. You may also be asked to provide it when paying a bill over the phone, setting up a recurring subscription, or adding your card to a digital wallet for the first time.
In-person transactions at a chip reader or contactless terminal don’t require the CSC because the chip itself handles authentication through a separate encrypted process. The CSC is specifically designed for “card not present” transactions where that chip verification isn’t possible.
What to Do If Your CSC Is Unreadable
Because the code is printed rather than embossed or raised, it can wear off over time, especially on the back of a card that gets regular use. If the numbers have faded to the point where you can’t read them, contact your card issuer to request a replacement. You’ll receive a new card with a new security code. In the meantime, if your bank offers a digital card view in its app, you can retrieve the code there to continue making online purchases.
Never write your CSC down alongside your card number or store it in a notes app. The entire security benefit comes from the code being difficult to obtain without the physical card in hand. Keeping it separate from your card number is what makes it useful as a second layer of verification.