Every time you make an online credit purchase you are asked to provide your CID number or CVV code. These codes are not required for in-person credit card use where you provide identification or a Pin to complete the transaction. However, these numbers afford some measure of protection from fraud and scams when shopping online. What do CID and CVV mean on a credit card? How do they work? What kind of protection do they provide and for whom?
What are CID and CVV Codes?
CID code stands for a card identification number and CVV code stands for card verification value. CID numbers are found on Diners Club, Visa, Mastercard, or Discover cards on the back of the card in or next to the signature panel. They are also found on debit cards. A CVV is found on the front of the card on American Express Cards. The CID is typically a three-digit and the CVV is a four-digit code. They are required to be entered before a transaction can be completed along with the credit card number and expiration date. However, is it safe to share these codes online?
Financial Institutions Protection
As we moved to more phone and online purchases, financial institutions needed a way to protect against fraud. Thieves will always follow the money. However, for online or phone purchases there was no way of verifying if the purchase was being made by the authorized users. There is no way to provide an ID for verification. Also, there is no signature strip to verify your signature or personal identification number (PIN) to enter for verification.
Hence, without some form of protection, this made financial institutions vulnerable to uncontrolled fraud. Therefore, the credit card issuer came up with a three-digit number for CID codes and a four-digit number for CVV codes. These credit card security codes are not to be saved by the merchant like credit card account numbers as a requirement from the credit card company. This prevents them from being hacked. Once the transaction is approved the number disappears. This card verification code is an extra layer of security against fraudulent purchases. However, this security feature is not foolproof.
Consumer Protection
Identity theft is so common that it occurs every 22 seconds. The Losses from identity theft cost Americans $5.8 billion in 2021 and $392 million were from consumer online shopping with card-not-present transactions per the National Council of Identity Theft Protection. These numbers are expected to continue escalating as identity thieves constantly find new ways to scam unsuspecting consumers. Credit Card fraud remains the most common form of identity theft with 2.8 million reports in 2021.
Criminals can use various methods to obtain the card validation code along with credit card information from the physical card. They can use malware that can be inadvertently downloaded on your system by clicking an unknown link. Fraudsters can also use phishing schemes pretending to be your service provider, credit union, major retailers, or financial institutions asking you to verify credit card transactions so they can attempt to obtain the 3 or 4-digit security code.
They may also call or email you pretending to be the customer service representative to get your debit card information. These are some examples of cases of credit card fraud attempts. Please note that no financial institution or retail establishment will ever call you requesting this information. If they do hang up and call them directly. I have on occasion sent phishing emails directly to the fraud protection division of the company in question. They were very thankful for this information because it allowed them to alert their customer base and try and shut them down.
Merchants and Fraud Protection
Even though credit card companies make these 3-digit and 4-digit available as security measures, merchants are not obligated to request them. Some merchants may ask for it the first time you use the card but not for subsequent purchases. This is especially true for recurring payments authorized by you. Since they cannot save this number in their system for future payment there is no protection. Merchants do not want anything in the way of them making them reoccurring sales.
I believe it should be considered best practice for small businesses as well as major retailers to build customer trust and protect their customers from unauthorized transactions. Even though online merchants may verify that the name on the card is not different from what is being typed in the name box or that they require a telephone number, or even postal code. The security codes from the issuing bank are a much better security measure found in the signature box or front of the card.
No customer will return if their debit card information is compromised to the point, they have insufficient funds in their bank account or they get credit card decline codes the next time they use their card. Therefore, it is in the best interest of online merchants to safeguard their customers against fraudulent purchases.
How do they work
You go on a website to make a purchase. The website will ask you for your credit card information which includes the name on the card, credit card number, and expiration date. Finally, they will ask for the CVV or CID number. In information is then sent to a credit card processing center that process all debit and credit card transaction for a bank and/or credit card company. The financial institution will approve or deny the transaction. This information is then communicated to the merchant and the transaction is complete and the CVV or CID codes or deleted. Only the credit card number and the expiration date are stored.
Using Credit Cards online safe?
I use my visa credit card, discover cards, MasterCard with the three-digit value, and American Express CID whenever I use my card online or via phone. It has always been a habit of mine to patronize reputable websites where verification numbers are required. I avoid any websites that are flagged for phishing, malware, or unwanted software. The full-featured digital security software that I have installed on my PC, laptop, and mobile devices alerts me to these types of websites.
However, the last time my credit card was compromised was at the payment processor. This is the company that processes all credit card transactions. Since the security codes are not stored the breach must have been before the transaction was approved. However, it was very organized as the unauthorized charges were all over the United States in a matter of days. The credit card issuer’s fraud department caught this breach, removed all unauthorized charges, and issued me a new card. Fraud departments are also an extra layer of protection. In the past, they even called the local merchant to speak with me when they detected unusual activity on the card. They would have had the card confiscated if I could not provide the correct information to the credit card companies.
Better Protection
With fraud costing financial institutions and merchants billions of dollars, they are constantly working to stay ahead of the criminal element. One method in progress is Dynamic numbers, this works similarly to the Chips on credit cards where a unique code is generated every time you dip your card into a payment terminal or tap to pay.
Instead of a static number located on the front of your card or the back of the credit card. A Dynamic CVV protection number will be generated and only last as long as it takes to complete the transaction. In most cases just few hours only. This will certainly deter the thieves. The code can be emailed to the consumer or via text to the phone number registered to the consumer. Another option is to embed small electronic screens on the back of the cards where the code would change every 30-60 minutes. This is truly state-of-the-art technology.
Hence, this technology is very new and is taking some time to come to the mainstream due to the logistics. The financial industry is very slow to adopt new technologies. This is a heavily regulated industry where lots of money is at stake, so the risk is very high for them. However, they also cannot afford to wait too long as the criminals are actively at work.
Other Ways To Protect Your Credit Cards
However, there are things a consumer can do to protect themselves as well. Some of the tips can stop fraud and others will just help you catch the fraud. The first one is freezing your debit and credit cards online or within your banking app. Most banks and credit card companies have mobile apps which will allow you to freeze and unfreeze your debit and credit cards as needed. I use this feature all the time, with my app freezing, and unfreezing can be done in real-time. There is no delay and just requires a tap on the freeze or unfreeze button. It is guaranteed to stop any fraudulent use of your card.
Next, set up Alerts, especially for card-not-present transactions. This is a great deterrent to the unauthorized use of your debit or credit card. These alerts have prevented a company I purchased a service from charging me for an unauthorized purchase. As soon as I got the alert, I was able to contact them and request that they reversed the charges or prove my consent for this purchase. I was able to get the matter resolved the same day. Letting charges sit too long on your account could conflict with the return policy. Therefore, you want to get it removed quickly. This tip works best when you use a designated card for online purchases.
Start Those Alerts
Getting alerts for charges over a certain amount is a great flag when attempting to safeguard your accounts. Most fraudsters process small amounts first before making a bigger purchase, so I keep this alert at $0. Therefore, when I see an amount coming in at $1, I know someone is trying to verify that the transaction will go through. This feature has saved me many times.
You may also want to flag charges over a certain amount to ensure that you do not exceed your credit card utilization which is one of the major factors that can impact your credit score. 10% is the target to keep your credit score on track.
You can use text or emails for your convenience depending on your preference of communication. Text is immediately available on your phone, and you may want the most important information sent to you as a text since it is the fastest form of communication. If you are like me emails are not always looked at daily or as quickly.
Finally, do it the old fashion way. Check your credit card balances regularly. Your banking app makes this so easy. I go into the app and click the credit card I want to review. Then I hit review recent transactions and scroll through all my most recent transactions. Takes about five minutes. Therefore, I always have peace of mind.
Recap
All this information is for educational purposes to help you avoid fraudulent activity on your account. It is the best way to stay on top of all your credit card activity and dispute anything that was not authorized by you. It will not guarantee that you will be able to protect your personal information which is the main purpose of the credit card identification code, but it is better than nothing. Especially when you are trying to build up your credit score.
- Avoid making purchases on websites that do not require credit card CVV or credit card identification code
- Set up alerts to notify you via email or text of any card-not-presence transaction
- Freeze your debit card or credit card when not in use
- Locate the CID code to the right of your main credit card number and the CVV code on the back of credit cards next to the signature box and always use it
- Don’t click on any phishing links before verifying with your financial institution – They will never ask for any information other than your contact information or verify your address
- Review your debit and credit card balances regularly
Additional Resources:
How to Manage Credit Card Debt
Debt Free is the New Rich
What Hurts Your Credit Score the Most?
