Authenticate Encrypted Card Verification Values
Card issuers and banks use card verification values (CVV) to determine when a forged card is used in a card-not-present transaction. Using the card’s expiration date, PAN data, and PIN, a hardware security module can cryptographically validate CVV (in its many forms, including CVC, CID, CSC, CVC2, and CVV2) and determine if the card data presented is authentic for online or contact-free payments.
What are CVV, CVC, and CVC2?
- Card Verification Codes (CVC) accelerate the process of verifying card data in card-present transactions. The CVC is found within the magnetic stripe, and these codes are processed anytime a card is inserted into a card-reading point of sale terminal.
- CVV and CVC2 are commonly referenced for card-not-present transactions. They are usually in the form of a three or four-digit code on the back of the card, and they are often used in place of CVC for card-not-present transactions. The two terms are often used interchangeably.
Reasons for Validating CVV
In online transactions, CVV validation is one of two ways of verifying if cards are authentic (the other method is XML-based authentication). Storage of CVVs in any kind of database is expressly prohibited, but businesses need to have access to the card’s public key to decrypt and verify transactions. This service secures the CVV by deploying a hardware security module to validate and encrypt it. Afterwards, VirtuCrypt rids itself of any sensitive information, ensuring compliance with regulatory standards.
Since CVV values are static, as a matter of security, they cannot be stored openly. VirtuCrypt deploys a physical hardware security module to encrypt card data while validating the transaction authenticity. Rather than requiring users to maintain the hardware in a compliant data center, VirtuCrypt provides a secure web portal for users to easily manage their CVV validation solution. The CVV Validation service is easy-to-learn, reduces the scope of compliance, and provides strong access controls.
Requiring only a few steps to deploy a full production environment, this service is designed to fully accelerate the training procedures associated with launching CVV validation of this caliber and level of compliance.
Deploy Access Controls
This service requires the presence of two users to modify important administrative responsibilities. Users can be delegated specific permissions and roles.
Reduce Scope of Compliance
By removing the need to support a compliant data center, VirtuCrypt Elements CVV Validation shrinks the areas that your organization must oversee for compliance.