I purchased something by phone recently and was asked for the security code on the back of my credit card. I thought it was strange, but she said she needed it to complete the transaction. I heard on the news that you should never give that out. Is that true?
I'm always skeptical of statements that include words like "never" or "always." There is usually an exception, and this instance is no different.
The reason you were asked for the security code was to protect you from fraud. When you are making a transaction by telephone or over the Internet, the business has no way to know that you actually are holding the card and didn't just steal someone's credit card number.
By providing the security code you are verifying that you actually have the credit card, adding a layer of protection for you and the business. That is what the security code was designed to do.
However, that doesn't mean you should always give the code when you are asked for it.
The same common sense rules apply to sharing the security code that apply to providing your Social Security number. Here is my short list of absolutes:
- Provide the number only if you initiate contact with the business.
- Only provide the code when you understand why the business needs it.
- Only provide the security code when you are confident the business is legitimate.
- Never provide the code to someone who calls you.
- Never provide the code in response to an email that is sent to you unless the email is in response to a transaction you initiated and you understand why you got the email.
The same rules apply to other sensitive personal information. There are good reasons for a business to request information and for you to share it, but there are predators out there who would like to get that information, too, so you have to be careful.
Thanks for asking.
The "Ask Experian" team