October 31, 2025
What do CID, CVC, CAV and CVV have in common? They are different acronyms for the security code (or more widely used: card verification code) connected to credit or debit card delivering the same security functionality for the different payment card brands. This code is a critical capability for preventing fraud and facilitating authentication, particularly in Card-Not_Present (CNP) transactions, such as online purchases.
β
This technology note refers to the code printed on a physical card. There are other instances of the code with slightly different properties stored on the magnetic strip and in the chip. A further group of these codes uses dynamic input values, such as current time to provide additional security for use cases such as digital wallet on-boarding.
β
- CID stands for Card Identification Number. This is the term used by American Express and Discover. For American Express, the CID is a four-digit, non-embossed number located on the front of the card, usually above the card number. For Discover, the CID is a three-digit number on the back of the card, on the signature strip.
- CAV stands for Card Authentication Value, and it is used by JCB.
- CVC stands for Card Validation Code. This is the term used by Mastercard.
- CVV Stands for Card Verification Value. This is the term used by Visa. Like the CVC and CAV, the CVV is typically a three-digit number found on the back of the card, next to the signature strip.
β
The different names are a result of each payment network developing its own security feature and giving it a unique name. The fundamental purpose and function of the codes are identical.
β
Verification of physical possession
The CVV2 (in case of Visa, or CVC2 for Mastercard) is designed to prove that the person making a Card-Not-Present transaction has the physical card in their possession. Since this version of the security code is not stored on the card's magnetic stripe or chip, a fraudster who does not have the physical card, cannot complete a transaction that requires the security code.
β
PCIΒ DSSΒ compliance
PCI DSS strictly prohibits merchants from storing the security code after a transaction is authorized. This is a crucial rule that ensures that even if a merchant's database is breached, the codes cannot be stolen.
So, while the name and location may vary by network, the added layer of security for remote transactions is an universal and essential feature of modern payment networks.
β
Welcome to Finsweet's accessible modal component for Webflow Libraries. This modal uses Webflow Interactions to open and close. It is accessible through custom attributes and custom JavaScript added in the embed block of the component. If you're interested in how this is built, check out the Attributes documentation page for this modal component.
Curious to know more?
Contact us for a consultative talk
