Moneycontrol PRO
Upcoming Webinar:Innovate Your Future at India Inc. on the Move on August 26 and 27, 2021 at 10am, with Rockwell Automation

CVV and OTP: Important means to safe use of credit cards

CVV is mentioned on the credit card, OTP is sent to the registered mobile number of credit card holder.

August 25, 2015 / 06:14 PM IST
Adhil Shetty

Ankit, a young business man, received an offer call from a Non Banking Finance Company. The tele-caller explained that they were offering pre-approved personal loans at competitive rates loans for prompt credit card payers. Ankit was asked to send a scanned copy of his credit card to know his eligible loan amount.
Being a businessman, Ankit thought it would be a good idea to know his loan eligibility, as he might be requiring loans for his business anytime. Without thinking twice, he forwarded scanned copies of both sides of his credit card, as required. But the caller didn’t turn up after that.

A couple of months later Ankit noticed some unauthorized transactions in his card statement. Though initially he didn’t realize how this happened, he recalled the incident of forwarding the copy of his card. It struck him that he had become a victim of phishing from a fraudulent group with a fake email id, almost identical to the NBFCs legitimate one.

In these days of increased card security and with concepts like OTP and 3D Secure PIN, can anyone with your card details and CVV number transact with it? What is exactly the CVV number on your card? Are all transactions nowadays accompanied by OTP?

All about CVV and OTP in cards

CVV (Card Verification Value code) and OTP (Onetime Password) which is sent on your mobile number registered with the card are the two most significant checkpoints for any credit card usage.

Understanding CVV number

The CVV is a 3-digit number on the back side of your credit as well as debit cards, close to its magnetic strip. While doing any financial transaction online, you will be required to enter this code as a proof that you are physically holding the card. If, by any chance, your card number is compromised, without knowing the CVV number, hackers would not be able to complete any transaction.

Many agencies have various technical names for the CVV number. Master Card refers the CVV code as CVC2, VISA refers to it as CVV2 and AmEx terms it as Card Identification Number (CID).

Can someone use your card number and CVV for fraudulent transactions?
Previously, any card transactions could be carried out with your card number and CVV. But as security measures increased, an additional layer of cross checking using OTP and a 3D Secure PIN entry is also now initiated to protect your card. So transactions over any trusted sites can be carried out only with OTP verification and 3D Secure PIN apart from CVV.

But there are many untrustworthy sites through which transactions are possible with just the CVV number.

Is CVV number 3D Secure?

3D Secure PIN is an additional password that needs to be entered after entering your card details on the payments page for any online transactions through trusted sites. It is termed as Verified by Visa password for Visa and SecureCode password for MasterCard. CVV code is not a 3D secure code.

The RBI has now made 3D secure password mandatory for online shopping, to prevent misuse of a lost card.

An overview of OTP

OTP or One Time Password is also a second layer of defense against any financial fraud. Before your card payment is accepted, the bank or the payment gateway sends an OTP to your registered mobile phone number. Unless you enter the OTP as generated by the system, your transaction would not be completed.

Is OTP sent in all financial transactions?

An OTP will be sent to your registered mobile number to initiate online transactions. However, some payment gateways would ask for 3D Secure PIN additionally. Recently the RBI is working on a proposal to do away with the two-step verification process for small payments. If it is implied, OTP will be the only authentication required for a successful transaction.

Can OTP be misused?

OTP cannot be misused, as it is sent using an encrypted data from the bank’s server. As fraudsters cannot transact with your credit card unless they have the CVV, PIN as well as OTP, it ensures enhanced safety for card users. As its name suggests, OTP can be used once, and is valid for only 10 minutes only. So misuse of OTP is not possible unless someone possess your mobile as well as your card.

What if you enter the wrong OTP?

OTP is intended for only one time use. If you enter the wrong OTP due to any reason, the transaction will not happen. Depending on your card, the transaction will be declined if you happen to enter wrong OTP once or twice. You will then have to generate a fresh transaction and OTP.

There are various checks in place to facilitate a safe card transaction. Be aware of the implications of these small but important security measures.
first published: Aug 25, 2015 06:14 pm

stay updated

Get Daily News on your Browser
ISO 27001 - BSI Assurance Mark