Payment technology has come a long way since the advent of the credit and debit card, even further since paper checks were frequently used by the average consumer. Since the popularization of online shopping in the mid-90’s, consumers have increasingly used credit and debit cards on a variety of platforms. And in the last decade, the growth of mobile payment processing and digital wallets further extended the methods customers can choose to pay.
To keep up, not only do businesses need to expand their payment options–they need to make sure each payment is verified to reduce the rate of fraud and chargebacks. Payment card verification must happen quickly and seamlessly during the transaction process.
In this article, we’ll discuss what card verification is and how it works.
What is Card Verification?
Simply put, card verification is the step in the payment process where a combination of features in ATM, debit, and credit cards are used to confirm the owner’s identity.
The Payment Card Industry Security Standards Council (PCI SSC) is a global network that brings together payment industry stakeholders to create and further the adoption of security standards and payment resources. Founded in 2006 by American Express, Discover, JCB International, MasterCard, and Visa, this council’s guidelines are meant to enhance global payment account data security. One of the ways the PCI SSC governs payment security is to require a card verification method (CVM) when merchants process a transaction.
There are four main types of card verification:
Online PIN: This method prompts the cardholder to enter their personal identification number (PIN) into the payment terminal or ATM, which is then encrypted and sent to the host (either the bank or processor) for an authorization request. The host then verifies the PIN and returns a transaction approved response.
Offline PIN: This is a method done locally between the payment card and terminal. When the PIN check is confirmed via the terminal, the transaction is sent to the host indicating the PIN check was done locally and successfully, and the transaction continues to process.
Signature: Primarily used with credit cards, or in lieu of a PIN, a signature can be collected on a receipt or captured digitally at the payment terminal.
Consumer Device CDCVM (CDCVM): This verification method is used when the customer’s device is used as a payment method via a mobile wallet. Consumer Device CVM uses either a passcode or biometric authentication (fingerprint or facial recognition depending on the device) to approve the transaction and communicates with the payment terminal to authorize the transaction.
As the payment landscape grows and new forms of payment are popularized, so do the methods available to verify cardholder identity. For example, the use of mobile wallets created a need for a different type of card verification from debit and credit cards. That said, there are different requirements that depend on the card issuer and can also vary by transaction amount or type (such as card present or not).
How is Card Verification Implemented?
Debit and credit card verification is a critical part of payment processing. As such, businesses must choose a trusted payment processor for software and hardware. To ensure proper card verification is seamless, a payment API (application programming interface) is used to manage payments.
Card verification is built in as part of the transaction at the point of sale (POS) and needs to take place quickly to avoid impeding the customer experience. Because the payment API integrates verification into the transaction process, merchants have a minimum requirement they must meet to maintain PCI compliance.
That said, some may opt to forgo some verification requirements for their customers under select circumstances. For example, if a purchase is below a set dollar amount , the business can choose to skip certain verification steps.
Outside of the PIN and signature, there are some other key components of card verification. The CVV and AVS codes explained below are used most commonly for transactions where the card is not present, and therefore, some additional information is needed to verify the cardholder and prevent fraud.
What is the CVV and How is it Used?
Card Verification Value (CVV) and Card Verification Code (CVC) are synonymous and refer to either data embedded within the magnetic stripe, or printed security features on the card. The CVV is an important piece of cardholder data and is used along with the credit card number and expiration date.
One common example of using the CVV during a transaction is to use the three-digit code on the back (or four digit number on the front for American Express) for transactions when the card is not present, such as an order taken over the phone or an online transaction.
How is the Address Verification Service (AVS) Used to Detect Credit Card Fraud?
Another step in cardholder verification is to cross-check the billing address used during credit card transactions against the one on record for the issuer bank. The purpose of this is to prevent card fraud and is done at the merchant’s request as an additional method of authentication.
Though this method is commonly used for identity verification, it is not without its faults. Because some transactions are sent to different addresses legitimately, this could flag valid transactions inappropriately when card details appear to be mismatched. However, AVS remains an important part of the transaction authentication process and aids merchants in determining whether a card payment should be accepted during a non face-to-face transaction.
The Importance of Card Verification
As outlined above, card verification is a fundamental part of payment processing and has certain standards integrated into the payment API.
For merchants, card verification is instrumental in preventing chargebacks and fraud. Mitigating the effects of credit card fraud costs companies time, money, and resources. By properly maintaining PCI SSC compliance and using trusted payment processing providers, businesses are able to reduce the risk of fraud by stopping unauthorized transactions.
For customers, card verification can curb fraudulent activities before they happen.
Unauthorized transactions are a headache to deal with, even more so when they actually process. Catching these transactions before they process and flagging the card in question helps customers to quickly resolve the situation.
Card verification, along with other standards and procedures for payment processing are all meant to accomplish the PCI Security Standards Council’s mission and protect consumers.
Here at Stax, payment security is our top priority. That’s why all our solutions meet PCI standards and are designed to keep transactions secure. Contact us to learn more.
Quick FAQs about Card Verification
Q: What is card verification in the context of payment processing?
Card verification is the process of confirming the identity of the cardholder during a transaction. This is done using various methods such as PIN entry, signature, or biometric authentication to ensure that the person making the payment is authorized to use the card.
Q: Why is card verification important for businesses?
Card verification is crucial for businesses as it helps in preventing fraud and chargebacks. By verifying the cardholder’s identity, merchants can reduce the risk of unauthorized transactions, protecting both the business and its customers. It also ensures compliance with Payment Card Industry Security Standards Council (PCI SSC) guidelines.
Q: What are the main types of card verification methods?
The main types of card verification methods include:
– Online PIN: The cardholder enters their PIN, which is encrypted and sent to the bank for verification.
– Offline PIN: The PIN is verified locally between the card and the terminal.
– Signature: The cardholder signs a receipt or a digital screen.
– Consumer Device Cardholder Verification Method (CDCVM): Uses passcodes or biometric data via mobile wallets.
Q: How do online and offline PIN verification differ?
Online PIN verification involves sending the cardholder’s PIN to the bank for verification, while offline PIN verification is done locally at the payment terminal without contacting the bank. Both methods aim to confirm the cardholder’s identity but differ in their execution and reliance on external networks.
Q: What is the role of CVV in card-not-present transactions?
The Card Verification Value (CVV) is a security feature used in card-not-present transactions, such as online or phone orders. It is a three-digit (or four-digit for American Express) code that helps verify the cardholder’s identity and prevent fraud by ensuring the person making the transaction has physical possession of the card.
Q: How does the Address Verification Service (AVS) help in detecting fraud?
AVS cross-checks the billing address provided during a transaction with the address on file with the card issuer. This additional verification step helps detect potential fraud by flagging mismatched addresses, although it may sometimes incorrectly flag legitimate transactions.
Q: What is the Consumer Device Cardholder Verification Method (CDCVM)?
CDCVM is a verification method used for mobile wallet transactions. It involves using a passcode or biometric authentication (such as a fingerprint or facial recognition) on the customer’s device to authorize the transaction, adding an extra layer of security.
Q: How is card verification implemented in payment processing systems?
Card verification is integrated into payment processing systems using a payment API, which ensures that verification takes place quickly and efficiently at the point of sale. This seamless integration helps maintain PCI compliance and provides a smooth customer experience.
Q: Can merchants skip certain verification steps for small transactions?
Yes, merchants can choose to skip certain verification steps for transactions below a set dollar amount. This flexibility allows for a faster checkout process while still maintaining a level of security appropriate for the transaction size.
Q: What are the benefits of maintaining PCI SSC compliance for card verification?
Maintaining PCI SSC compliance ensures that businesses adhere to industry standards for payment security. This compliance helps protect against fraud, reduces the risk of chargebacks, and builds customer trust by demonstrating a commitment to secure payment processing.
