Online Stores: Don’t Require CVV?

Here’s everything about online stores not requiring CVV:

The most prolific store that doesn’t require a CVV is Amazon.

Plenty of other major online stores like Walmart and Target will often forgo asking for a CVV when you check out.

More generally, any online store can skip CVV confirmation whenever they want to, and there are plenty of scenarios where that makes sense.

So if you want to learn all about what CVV is and why and which online stores don’t require it, then this article is for you.

Let’s delve into it!

Online Stores: Don't Require CVV? (Why and Which?)

What Is CVV?

Let’s start this conversation with a bit of clarity.

The CVV (card verification value) number is usually found on the back of a credit or debit card.

It is usually three or four numerical digits, and it is used as an additional layer of security.

This isn’t always the case.

As an example, many American Express cards have a four-digit code on the front of the card.

The location and length are just a convention, not a hard rule.

The theory is that if someone had access to your credit card number, they still wouldn’t be able to make fraudulent purchases with the card number because they also need the CVV number. 

In many cases, this is effectively true, but the big picture is a bit more complicated, and we’ll be getting into all of it.

I also want to take a moment to talk about the CVC (card verification code) number.

It’s literally the same thing.

CVC is just a different notation to describe the exact same code and function.

You might also see this number referred to as a CSC (card security code).

It all works the same way, so for simplicity, I’ll only use CVV for the rest of this article.

How Does CVV Work?

How does this extra number protect a transaction?

In a lot of cases, it doesn’t.

If your card is physically stolen then the CVV isn’t doing anything to help you.

But, there are plenty of cases where the CVV number does add an important layer of security, and they mostly exist in the realm of digital transactions.

If you use a card to buy something at a physical store, you have to interact with the pin pad.

You usually have to either sign for the purchase or put in your PIN number.

Some pin pads might have you put in your zip code instead.

The point is that you have to add information to the interaction, so if someone physically stole your card, it’s at least a little bit harder for them to use it.

With digital purchases, one of the risks is that your card number can be stolen even if the physical card is still in your possession.

If this happens, someone could try to make online purchases with your card number.

The CVV helps because the number isn’t digitally married to your actual card number.

If someone only lifted the card number and doesn’t have access to the CVV, then they won’t be able to make fraudulent purchases.

That’s the gist of why CVVs exist, but it leads to something important.

Not all digital stores require a CVV.

Which Online Stores Don’t Require CVV? (3 Categories)

It might seem strange, but there are a number of prominent digital retailers that don’t use the CVV at all.

There are even more than only sometimes using the CVV.

I’ll get into the motivations behind this a little later.

First, let’s talk about which stores are opting out of using the CVV.

The best-known is Amazon.

You can make Amazon purchases without putting in your CVV, and you still get your package.

Walmart, Target, Overstock, Zappos, and plenty of other major online retailers also fit into this category.

You can see a pretty substantial list here.

Now, there are two things we should really get into.

First, some of these stores will require a CVV for some purchases and not others.

Stores can set price thresholds before the system will ask for a CVV.

There are also cases where stores will stop asking for a CVV after you have already completed a purchase.

Second, you will find that CVV numbers simply aren’t applicable in a lot of online transactions.

So, let’s get into some of the common scenarios where a CVV won’t be used and why.

You’ll see that pretty much any online store could fall into some of these categories in at least some instances.

#1 Stores With Saved Credit Card Information

A lot of stores offer to save your financial information.

The assumption is that you will make another purchase in the future.

So, if you save your info, it makes your next purchase that much easier.

Even when this is the case, stores vary in what they do.

Some will ask you to confirm the CVV every time, and others won’t.

For the stores that don’t repeatedly ask for your CVV, here’s the motivation.

If you make a purchase, it gets delivered, and there is no complaint or report of fraud with your card, the store can assume that it was a legitimate purchase.

Moving forward, unless you change the financial or shipping information, the store can continue to assume that you are the rightful owner of the card, so the CVV confirmation isn’t necessary anymore.

#2 Stores With Alternate Payments

On a completely different note, there are a lot of stores that accept payments that don’t attach to credit or debit cards.

The easiest example is PayPal.

If you have a PayPal account set up, many, many online stores will accept payments from PayPal. 

When that happens, you don’t even put in a credit card number.

Instead, you choose PayPal as your method of payment, and the PayPal system kicks into gear.

It might ask you to sign in or go through a digital verification process, but it still doesn’t need you to enter the card info.

Naturally, if you aren’t using a credit card for the purchase, it makes sense that you don’t need to supply a CVV.

#3 Stores That Accept Payment Management

There’s a third scenario that exists somewhere in between these other payment concepts.

There are payment management systems that will store your credit (or debit) card information for you.

Two prominent examples are Apple Pay and Google Wallet.

If you use a system like this, then when you go to make your purchase, you are ultimately paying with a card on file.

But, the payment manager works a lot like PayPal in the previous example.

The management system handles verification and processing, so the online retailer doesn’t actually get your direct credit card information.

In these examples, the CVV is usually on file with the management system, but you don’t have to enter it into the retailer’s website to make a purchase.

Why Don’t Some Online Stores Use CVV? (3 Things)

So, what’s the deal?

If the CVV is supposed to protect your financial information, why wouldn’t a store use it?

Some of those examples make sense.

If the CVV isn’t an applicable option, it won’t be there.

But in the case of Amazon, it just never asks.

When a retailer could use the CVV, why wouldn’t they?

What’s the motivation there?

Once again, there are a few different scenarios where it makes sense.

In general, retailers skip CVV verification because they have other security measures in place or they don’t mind the risk.

#1 Address Verification

Address verification is a great example of how an online store can verify you are the card owner without using the CVV.

Basically, they can cross-reference your IP address with the address for the card on file.

For those unfamiliar, your IP address is a digital address that corresponds with your physical location. (There are actually different kinds of IP addresses that hold different kinds of information, but the physical IP address is the one that matters for this discussion.)

So, the retailer can see if you’re ordering from the address attached to the payment information.

If you aren’t, then it will likely trigger additional verification procedures, and those might include the CVV.

The point is that most retailers that don’t require a CVV are still taking measures to prevent fraudulent charges.

#2 Recurrent Transactions

I mentioned this earlier, but we can delve into it a little deeper.

If you have already completed a purchase from a store, and there were no complaints or reports, then the store can assume that you are the rightful owner of the card.

It’s pretty simple, right?

If you see a charge on your card that doesn’t make sense, you’ll report it and try to get a refund.

So, a lot of retailers assume that no news is good news, and they can stop asking for a CVV unless a complaint emerges.

This same philosophy applies to subscriptions too.

This is why Netflix doesn’t feel the need to ask for your CVV every month when the bill refreshes.

#3 Risk Tolerance

There’s a final group of retailers that takes a different look at things.

Some stores simply don’t care enough to implement a CVV check.

This might sound really bad, but it’s not what it probably sounds like.

You see, if you contact your card issuer and tell them a charge is fraudulent, they’re going to investigate the transaction.

They will contact the online store that placed the charge and see what they can find.

Unless the store can prove that it really was you who made the purchase, the credit card company is usually going to err on your side and force a refund.

When that happens, a store sees it as a chargeback.

Basically, the credit card company revokes the payment, and the store is out whatever money they originally charged you.

For some stores and business models, chargebacks are rare enough that they don’t have to worry about it that much.

If something happens, they just eat the cost and move on.

This can be true for very small or very niche online stores that happen to rarely see chargebacks.

Author

  • Theresa McDonough

    Tech entrepreneur and founder of Tech Medic, who has become a prominent advocate for the Right to Repair movement. She has testified before the US Federal Trade Commission and been featured on CBS Sunday Morning, helping influence change within the tech industry.