A CVV is the three- or four-digit security code printed on your credit card, separate from your main card number. It exists to prove you physically have the card in hand when you’re making a purchase online or over the phone. You’ll be asked for it at checkout on virtually every e-commerce site, and understanding what it is and where to find it takes about two minutes.
Where to Find It on Your Card
The location and length of the code depend on your card’s payment network.
- Visa, Mastercard, and Discover: A three-digit number printed on the back of the card, usually in or near the signature panel.
- American Express: A four-digit number printed on the front of the card, above and to the right of the card number. It’s printed flat on the surface rather than embossed like the account number.
The code is always printed, never embedded in the chip or encoded on the magnetic stripe. That’s a deliberate design choice: it means someone who skims your card’s magnetic data at a compromised terminal still won’t capture the CVV.
Why Each Network Calls It Something Different
You’ll sometimes see the code referred to as a CVC, CID, or CSC instead of CVV. These are just different names from different card networks for the same thing. Visa calls it a Card Verification Value (CVV). Mastercard uses Card Validation Code (CVC). American Express labels it a Card Identification number (CID). Discover calls it a Card Identification Number as well. When a website’s checkout form asks for a “security code,” “CVV,” or “CVC,” they all mean the same number on your card.
How It Protects You During Online Purchases
The CVV is specifically designed for “card not present” transactions, meaning any purchase where the merchant can’t physically verify your card’s chip or magnetic stripe. That includes online shopping, phone orders, and mail orders. When you type in the CVV, the merchant passes it along to your card issuer as part of the authorization request. Your issuer checks whether the code matches what’s on file for your card, and that result factors into the decision to approve or decline the transaction.
The logic is straightforward: if a thief steals just your card number (from a data breach, a phishing email, or a compromised database), they still can’t complete a purchase without the CVV. It’s an extra layer that narrows the window for fraud, though it’s not foolproof on its own.
Merchants Cannot Keep Your CVV on File
Industry security rules, specifically the PCI Data Security Standard, classify the CVV as “sensitive authentication data.” Merchants are required to delete it from their systems once your transaction has been authorized. They cannot store it for future purchases, even if you ask them to. This applies to card-on-file arrangements and recurring billing as well. A retailer that saves your card for easy reordering keeps your card number and expiration date but is prohibited from retaining the CVV.
That’s why sites with your card saved often ask you to re-enter the CVV when you come back to buy something. It’s not a glitch or bad design. They’re following the rules, and it’s actually protecting you. If that merchant’s database is ever breached, your CVV won’t be in it.
Only card issuers (the banks that issue your credit card) are permitted to store CVV data, since they need it on file to verify the codes customers submit.
CVV vs. PIN
These two codes serve different purposes and work in different situations. Your PIN is a four-digit number you chose or were assigned when you opened your account. It’s used for in-person transactions at ATMs and store payment terminals, and it’s never printed on your card. You keep it in your head.
Your CVV, by contrast, is printed directly on the card and is used for remote transactions where no one can verify the physical card. Think of it this way: the PIN proves you’re the authorized cardholder when you’re standing in front of a machine, while the CVV proves you’re holding the card when you’re sitting at a computer.
Keeping Your CVV Safe
Because the CVV’s entire value is proving card possession, the most important thing is making sure no one else gets the number. Never share it over email or text. Be cautious of phone calls claiming to be your bank and asking for the code; legitimate issuers already have it on file and don’t need you to read it back. When shopping online, stick to secure sites (look for “https” in the address bar) and avoid entering your CVV on public or shared computers.
Some people memorize their CVV and then cover it with a small sticker or marker on the physical card. That way, if the card is lost or stolen, a thief can’t simply flip it over and read the code. This is a matter of personal preference, but it does add a practical layer of protection as long as you can recall the number when you need it.
If you suspect your CVV has been compromised, contact your card issuer and request a new card. The replacement will come with a new CVV, immediately rendering the old one useless.