"We don't ask for CV2 during phone payments." Really?

I've probably been into a few hundred contact centres, and I continue to visit them regularly as part of my work. I am genuinely flabbergasted when I hear a version of this statement:

"We don't take CV2 as part of phone payments".

I just don't get it. Seriously.

There is a low-tech mechanism on the card to reduce fraud through Card Not Present (CNP) channels, and it's nicely printed on the back of everybody's card. It's variously called the CV2/CVC/CVV/etc, depending on which card brand you've been indoctrinated by.

Here in the UK, it's pretty rare for companies transacting business over the phone to not take CV2 as part of the transaction.
But when I work in the USA, that situation flips on its head. I would say that most contact centres in the USA do not take CV2. [If you have stats on this, please do share them in the comments. I am genuinely interested.]

CNP fraud is on the rise

(I wrote about this previously). If you are not taking CV2 as part of the payment process in a contact centre, you're leaving yourself open for increased fraud. That's because the CV2 acts as a check that the cardholder is, well, physically holding the card, and not a criminal reading from a list of stolen numbers. The clue is in the name: Card Verification.
If you're not taking CV2, you're not doing all you can to prove that the person you're talking with is actually the card holder.

Hang on, what's that you say?

We don't take CV2 because it's too hard to avoid storing it in our call recordings and other systems.
OK... umm, not really! There are many many technical and process solutions out there which can help. (This is not a sales piece, but you do not need to look hard to find them.) On behalf of the wider card payments industry, please find one and start taking CV2. You will help yourself, and the rest of us, by restricting people's ability to commit fraud.

We don't take CV2 because it's another step in the process, and customers aren't familiar with it.
Eh? People are smart and they learn quickly. They'll learn the first time you ask them for their CV2. You're improving their security, and they will thank you for it.
If you don't believe me, look at it the other way. Ask yourself this (particularly if you're in the USA): "How will my phone customers react when EMV rolls out and they are increasingly asked for a PIN, but not asked for additional security on the phone?"

I assert that customers will demand (or at the very least expect) CV2s to be used on phone transactions, as EMV is adopted in the USA.

A question for you

What would happen to your chargebacks if you started taking CV2? (They're not going to increase, are they?)

Also, in what other areas will you gain financially by taking CV2 as part of the payment process? Some acquirers/banks have 2-tier processing charges; lower if CV2 accompanies the PAN during authorisation. Ask yours. You may be surprised.


The fraud prevention, financial and customer experience benefits in taking the CV2 far outweigh the excuses for not taking it. Which is why I just can't understand when companies don't take it.

What do you think?

Am I missing something big? Are there genuinely good reasons why you are not taking CV2? I would really love to know why - please leave me a comment.

Loading Conversation

Posted by eckoh at 12:17 PM on Nov 4, 2015


Recent Posts

Does it feel like it's panto season in your contact centre every day? If so,…


We've all watched on in horror ... as an out-of-control child creates havoc at a…


Are customers mysteriously falling out of love with your business — despite your…