The UK and Europe's number one card payment processor*
Share Follow Me on Pinterest

Navigate This Section

 

Contact Us

Get in touch

Require additional information or interested in accepting card payments? Don't hesitate to get in touch. see more

 

Quick Links

Important Changes to the Card Security Code (CSC) Procedure

Monday 3rd January 2011

The Card Security Code (CSC) is a three digit code printed on the signature panel of MasterCard and Visa cards, and a four digit code printed on the front of an American Express Card, and is validated as part of your authorisation request.

When accepting a Cardholder Not Present transaction, it is best practice for the cardholder to submit the CSC with each transaction. This offers an additional protection against fraud, to both you and your customer.

The Card Security Code (CSC) is a three digit code printed on the signature panel of MasterCard and Visa cards, and a four digit code printed on the front of an American Express Card, and is validated as part of your authorisation request.

Visa released a mandate effective 1 June 2009 making this a compulsory requirement for all ecommerce and telephone order CNP transactions.

This mandate relates specifically to CNP transactions where the cardholder is connected either by telephone or the web, at the time of the transaction. This removes the need to store the CSC as it will have been relayed during the transaction process.

In order to maximise the benefits of this change and provide a consistent approach to your customers we are also making CSC checking for all cards compulsory in your business. Please do remember that the security of cardholder data is extremely important and once a transaction has been authorised the CSC number must be destroyed.

There are circumstances under the rules of the Payment Card Industry Data Security Standard (PCI DSS*) where the storage of this data is not permitted under any circumstances. This therefore means that there will be occasions when merchants will be unable to comply with this instruction and therefore the following exemption categories have been agreed:

Exemptions Categories

  • Recurring and instalment payments
  • Hotels
  • Car Hire
  • Travel and Entertainment deferred or amended charges
  • Health Care incidental expenses
  • Account on file CNP transactions
  • Split transactions i.e. Holiday deposits
  • Business travel agents
  • Mail Order

For detailed information about the above exemption categories, please refer to the Q&As and exemption document below:

Further Links

* Payment Card Industry Data Security Standard (PCIDSS) aims to ensure that every Merchant, Payment Service Provider, Third Party and Acquirers stores, processes or transmits cardholder data in a secure manner.

Notes to editors:

 

About Streamline

Streamline is the UK’s leading card payment acquiring business which allows customers to accept card payments at point of sale, over the phone and the internet. The company offers services across the entire payment value chain, including transaction capturing, merchant acquiring and transaction processing.
Clients vary in size from small family run companies to large multi-national corporations, spanning a broad spectrum of industries and sectors. 

Streamline is part of the WorldPay group of companies; one of the top five global players in card processing.

Associated Downloads

  • Q&A's and Exemption Categories

    • Download csc mandate faqs Q&A's about changes to the Card Security Code (CSC) procedure
      44 KB, PDF download

 
 
Copyright © 2011 WorldPay (UK) Ltd, authorised and regulated as a Payment Institution by the Financial Services Authority 530923. Media or Press? Visit our Media Centre
 

* By transaction value and volume. Nilson Report 2010.