"We don't ask for CV2 during phone payments." Really?

I've probably been into a few hundred contact centers, and I continue to visit them regularly as part of my work. I am genuinely flabbergasted when I hear a version of this statement:

"We don't take CV2 as part of phone payments".

I just don't get it. Seriously.

There is a low-tech mechanism on the card to reduce fraud through Card Not Present (CNP) channels, and it's nicely printed on the back of everybody's card. It's variously called the CV2/CVC/CVV/etc, depending on which card brand you've been indoctrinated by.

Here in the UK, it's pretty rare for companies transacting business over the phone to not take CV2 as part of the transaction.
But when I work in the USA, that situation flips on its head. I would say that most contact centers in the USA do not take CV2. [If you have stats on this, please do share them in the comments. I am genuinely interested.]

CNP fraud is on the rise

(I wrote about this previously). If you are not taking CV2 as part of the payment process in a contact center, you're leaving yourself open for increased fraud. That's because the CV2 acts as a check that the cardholder is, well, physically holding the card, and not a criminal reading from a list of stolen numbers. The clue is in the name: Card Verification.
If you're not taking CV2, you're not doing all you can to prove that the person you're talking with is actually the card holder.

Hang on, what's that you say?

We don't take CV2 because it's too hard to avoid storing it in our call recordings and other systems.
OK... umm, not really! There are many many technical and process solutions out there which can help. (This is not a sales piece, but you do not need to look hard to find them.) On behalf of the wider card payments industry, please find one and start taking CV2. You will help yourself, and the rest of us, by restricting people's ability to commit fraud.

We don't take CV2 because it's another step in the process, and customers aren't familiar with it.
Eh? People are smart and they learn quickly. They'll learn the first time you ask them for their CV2. You're improving their security, and they will thank you for it.
If you don't believe me, look at it the other way. Ask yourself this (particularly if you're in the USA): "How will my phone customers react when EMV rolls out and they are increasingly asked for a PIN, but not asked for additional security on the phone?"

I assert that customers will demand (or at the very least expect) CV2s to be used on phone transactions, as EMV is adopted in the USA.

A question for you

What would happen to your chargebacks if you started taking CV2? (They're not going to increase, are they?)

Also, in what other areas will you gain financially by taking CV2 as part of the payment process? Some acquirers/banks have 2-tier processing charges; lower if CV2 accompanies the PAN during authorization. Ask yours. You may be surprised.


The fraud prevention, financial and customer experience benefits in taking the CV2 far outweigh the excuses for not taking it. Which is why I just can't understand when companies don't take it.

What do you think?

Am I missing something big? Are there genuinely good reasons why you are not taking CV2? I would really love to know why - please leave me a comment.

Loading Conversation

Posted by eckoh at 12:17 PM on Nov 4, 2015


Recent Posts

Healthcare identity theft and fraud is a fast-growing threat in the US, but some…

This year is the 40th anniversary of the classic 1978 sci-fi movie Invasion of…


While the US retail industry is reeling from what has been declared by some as…