Payment technology has come a long way since the advent of the credit and debit card, even further since paper checks were frequently used by the average consumer. Since the popularization of online shopping in the mid-90’s, consumers have increasingly used credit and debit cards on a variety of platforms. And in the last decade, the growth of mobile payment processing and digital wallets further extended the methods customers can choose to pay.
To keep up, not only do businesses need to expand their payment options–they need to make sure each payment is verified to reduce the rate of fraud and chargebacks. Payment card verification must happen quickly and seamlessly during the transaction process.
In this article, we’ll discuss what card verification is and how it works.
What is Card Verification?
Simply put, card verification is the step in the payment process where a combination of features in ATM, debit, and credit cards are used to confirm the owner’s identity.
The Payment Card Industry Security Standards Council (PCI SSC) is a global network that brings together payment industry stakeholders to create and further the adoption of security standards and payment resources. Founded in 2006 by American Express, Discover, JCB International, MasterCard, and Visa, this council’s guidelines are meant to enhance global payment account data security. One of the ways the PCI SSC governs payment security is to require a card verification method (CVM) when merchants process a transaction.
There are four main types of card verification:
Online PIN: This method prompts the cardholder to enter their personal identification number (PIN) into the payment terminal or ATM, which is then encrypted and sent to the host (either the bank or processor) for an authorization request. The host then verifies the PIN and returns a transaction approved response.
Offline PIN: This is a method done locally between the payment card and terminal. When the PIN check is confirmed via the terminal, the transaction is sent to the host indicating the PIN check was done locally and successfully, and the transaction continues to process.
Signature: Primarily used with credit cards, or in lieu of a PIN, a signature can be collected on a receipt or captured digitally at the payment terminal.
Consumer Device CDCVM (CDCVM): This verification method is used when the customer’s device is used as a payment method via a mobile wallet. Consumer Device CVM uses either a passcode or biometric authentication (fingerprint or facial recognition depending on the device) to approve the transaction and communicates with the payment terminal to authorize the transaction.
As the payment landscape grows and new forms of payment are popularized, so do the methods available to verify cardholder identity. For example, the use of mobile wallets created a need for a different type of card verification from debit and credit cards. That said, there are different requirements that depend on the card issuer and can also vary by transaction amount or type (such as card present or not).
How is Card Verification Implemented?
Debit and credit card verification is a critical part of payment processing. As such, businesses must choose a trusted payment processor for software and hardware. To ensure proper card verification is seamless, a payment API (application programming interface) is used to manage payments.
Card verification is built in as part of the transaction at the point of sale (POS) and needs to take place quickly to avoid impeding the customer experience. Because the payment API integrates verification into the transaction process, merchants have a minimum requirement they must meet to maintain PCI compliance.
That said, some may opt to forgo some verification requirements for their customers under select circumstances. For example, if a purchase is below a set dollar amount , the business can choose to skip certain verification steps.
Outside of the PIN and signature, there are some other key components of card verification. The CVV and AVS codes explained below are used most commonly for transactions where the card is not present, and therefore, some additional information is needed to verify the cardholder and prevent fraud.
What is the CVV and How is it Used?
Card Verification Value (CVV) and Card Verification Code (CVC) are synonymous and refer to either data embedded within the magnetic stripe, or printed security features on the card. The CVV is an important piece of cardholder data and is used along with the credit card number and expiration date.
One common example of using the CVV during a transaction is to use the three-digit code on the back (or four digit number on the front for American Express) for transactions when the card is not present, such as an order taken over the phone or an online transaction.
How is the Address Verification Service (AVS) Used to Detect Credit Card Fraud?
Another step in cardholder verification is to cross-check the billing address used during credit card transactions against the one on record for the issuer bank. The purpose of this is to prevent card fraud and is done at the merchant’s request as an additional method of authentication.
Though this method is commonly used for identity verification, it is not without its faults. Because some transactions are sent to different addresses legitimately, this could flag valid transactions inappropriately when card details appear to be mismatched. However, AVS remains an important part of the transaction authentication process and aids merchants in determining whether a card payment should be accepted during a non face-to-face transaction.
The Importance of Card Verification
As outlined above, card verification is a fundamental part of payment processing and has certain standards integrated into the payment API.
For merchants, card verification is instrumental in preventing chargebacks and fraud. Mitigating the effects of credit card fraud costs companies time, money, and resources. By properly maintaining PCI SSC compliance and using trusted payment processing providers, businesses are able to reduce the risk of fraud by stopping unauthorized transactions.
For customers, card verification can curb fraudulent activities before they happen.
Unauthorized transactions are a headache to deal with, even more so when they actually process. Catching these transactions before they process and flagging the card in question helps customers to quickly resolve the situation.
Card verification, along with other standards and procedures for payment processing are all meant to accomplish the PCI Security Standards Council’s mission and protect consumers.
Here at Stax, payment security is our top priority. That’s why all our solutions meet PCI standards and are designed to keep transactions secure. Contact us to learn more.
FAQs about Card Verification
Q: What is card verification and its purpose?
Card verification is the step in the payment process where a combination of features in ATM, debit, and credit cards are used to confirm the owner’s identity. This process helps reduce fraud and chargebacks by ensuring the validity of the cardholder and their transactions.
Q: What are the four main types of card verification?
- Online PIN: The cardholder enters their personal identification number (PIN) into the payment terminal or ATM, which is then encrypted and sent to the host (either the bank or processor) for an authorization request.
- Offline PIN: A local method between the payment card and terminal that confirms the PIN check and proceeds with the transaction.
- Signature: Primarily used with credit cards and sometimes in lieu of a PIN, a signature can be collected on a receipt or captured digitally at the payment terminal.
- Consumer Device Cardholder Verification Method (CDCVM): This verification method is used when the customer’s device is used as a payment method through a mobile wallet. It either uses a passcode or biometric authentication (fingerprint or facial recognition) to authorize the transaction.
Q: How is card verification implemented in the payment process?
Card verification is integrated into the point of sale (POS) transaction through the use of a payment API (application programming interface). This system facilitates a seamless and secure transaction process while ensuring PCI SSC compliance for the merchants and businesses.
Q: What is the CVV and how is it used?
Card Verification Value (CVV) and Card Verification Code (CVC) are security features embedded within the magnetic stripe or printed on the card. The CVV is often used along with the credit card number and expiration date. The three-digit code on the back (or four-digit code on the front for American Express) is typically used for transactions when the card is not present, such as phone or online transactions.
Q: How does the Address Verification Service (AVS) help to detect credit card fraud?
Address Verification Service (AVS) cross-checks the billing address provided during credit card transactions against the records of the issuer bank. This method helps prevent fraud by ensuring the cardholder’s identity through address verification. It is an additional method of authentication, mostly used for non face-to-face transactions, although it may sometimes mistakenly flag legitimate transactions due to address discrepancies.
