
How can hackers steal your credit card CVV number?

Discover how hackers can get a hold of the three digits on the back of your card and what you can do to protect your finances.

You’ve probably been asked for your CVV number when shopping online. This number, also known as the CVC (card verification code), is used to protect you from fraud when making purchases online and over the phone.

However, if a hacker gets hold of your CVV number, they can use your credit card details to make fraudulent transactions. Given that online credit card fraud is on the rise worldwide, it’s important to understand how hackers can get this number – and how you can keep your finances safe.

What is a CVV number?

Your CVV number, or card verification value, is a three or four-digit number located on your credit card. You can typically find it on the back of your card, to the right of your signature box.

The CVV number is an anti-fraud measure used when you’re making a purchase but aren’t required to enter a PIN or sign a receipt. This is why you’re often asked to enter your CVV number if you’re shopping online or making a purchase over the phone: it lets the merchant or payee verify that you are indeed the cardholder, which helps prevent other people from using your card for fraudulent transactions.


How can a hacker get my CVV number?

There are two main ways that hackers can get your CVV number. The first is by phishing and the second is by using a web-based keylogger.

  • Phishing. This is a form of online theft in which sensitive information, such as your credit card details, is stolen. Phishing can include tricky links (URLs that look legitimate but redirect you to the phisher’s website), DNS cache poisoning (where a phisher changes the DNS server information so that everyone who accesses the site is redirected to another site) and screen capture malware (used to record information and report it to the phisher).

How does phishing work?

Have you ever received an email that looked like it might have been sent by your bank but it had a few suspicious details? Maybe there were tons of typos, the return email address wasn’t the official address you usually receive correspondence from or perhaps there was a link to an unfamiliar website. If any of these apply, it’s likely that this was a phishing email.

  • Keylogger. A web-based keylogger can be illegally installed on a website so that all of the data customers submit to the site is duplicated and forwarded to the attacker’s server. It does this by form grabbing: taking the form data submitted by users (such as your name, address, credit card number and, of course, your CVV number). The keylogger is designed to capture the data you enter in the form fields before it’s encrypted and submitted to the site.

Did you know?

Most fraudsters don’t gather this information themselves. Instead, they purchase packages of cardholder data, including account names, full card numbers, expiration dates, CVV numbers and addresses.
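From the site owner's side, form grabbing shows up as a script or form target on the payment page that the owner never put there. The following is an added example, not code from this article: a small Python audit that lists script sources and form targets outside a trusted set. The page content, hostnames and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample checkout page; every hostname is a placeholder.
SAMPLE_PAGE = """
<html><head>
<script src="/static/checkout.js"></script>
<script src="https://js.payments.example/v3/sdk.js"></script>
<script src="https://cdn-stats.example.net/t.js"></script>
</head><body>
<form action="https://shop.example/pay" method="post">
  <input name="card_number"><input name="cvv">
</form>
</body></html>
"""

class ResourceCollector(HTMLParser):
    """Collects every script source and form target found in a page."""
    def __init__(self):
        super().__init__()
        self.resources = []  # (tag, raw URL) pairs

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.resources.append(("script", attrs["src"]))
        elif tag == "form":
            self.resources.append(("form", attrs.get("action") or ""))

def origin(url):
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()

def audit_checkout(html, page_url, trusted_origins):
    """Return (tag, absolute URL) for resources outside the trusted origins."""
    trusted = {o.lower() for o in trusted_origins} | {origin(page_url)}
    collector = ResourceCollector()
    collector.feed(html)
    findings = []
    for tag, raw in collector.resources:
        absolute = urljoin(page_url, raw)  # resolves relative and empty URLs
        if origin(absolute) not in trusted:
            findings.append((tag, absolute))
    return findings

if __name__ == "__main__":
    for tag, url in audit_checkout(SAMPLE_PAGE, "https://shop.example/checkout",
                                   ["https://js.payments.example"]):
        print(f"unexpected {tag}: {url}")
```

A clean result only covers where scripts are loaded from and where forms post; it does not show that the contents of a trusted script are unchanged.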

Who is most likely to be researching CVV number fraud?

Finder data suggests that men aged 18-24 are most likely to be researching this topic.

Source: Finder sample of 951 visitors using demographics data from Google Analytics

How can I protect my CVV and finances?

Even though online transactions are becoming more secure as technology develops, there are some simple steps you should take to reduce your chances of becoming a victim of online credit card fraud.

  • Use anti-virus software. Install anti-virus software and firewalls to protect your finances and other personal information when shopping or browsing online.
  • Look for the signs. Whenever you receive an email, especially if it’s requesting any type of personal or financial information, look out for telltale signs such as generic greetings, threats to your account that call for immediate action, suspicious links and email addresses, and misspelling and poor grammar.
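  • Check the site’s SSL certificate. SSL certificates are small data files that, when installed on a web server, activate a padlock symbol and the https protocol in your browser, which secures the connection between the web server and the browser. So, typically, if you see that padlock symbol as well as the “s” after http, your connection to the site is encrypted. The padlock alone doesn’t show that the site is genuine, because a phisher’s site can have a certificate too, so also check that the domain name in the address bar is the one you expect.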
  • Use services like PayPal. If you don’t want to enter your credit card details, use secure services such as PayPal which don’t require you to enter your details when you’re making a purchase. Instead, you create a PayPal account, enter your details there and then all payments are made through your secure PayPal account.

If you’re the victim of fraud…

Unfortunately, credit card scams are becoming more common, not only in Canada, but worldwide. However, there are some simple precautions you can take to protect your money.

If you suspect that you’ve been the victim of a credit card scam or if you’ve identified fraudulent transactions on your account:

  • Contact your bank or credit card provider immediately.
  • Place a fraud warning on your credit report by contacting the two credit bureaus, Equifax and TransUnion.
  • Report a scam to the Canadian Anti-Fraud Centre (CAFC) via its website or by phone (1-888-495-8501).
