Google Answers Logo
View Question
Q: CVV (both CVV1 and CVV2), CVC - i need a complete explanation. ( Answered,   3 Comments )
Subject: CVV (both CVV1 and CVV2), CVC - i need a complete explanation.
Category: Business and Money > eCommerce
Asked by: ecommercial-ga
List Price: $150.00
Posted: 17 Sep 2004 13:01 PDT
Expires: 17 Oct 2004 13:01 PDT
Question ID: 402632

Can anyone explain me in details how does VISA CVV(1 and 2) and
MasterCard's CVC work? I need a complete explanation on which data is
the source for this value, what algoruthm's are used to encrypt this
value etc etc. A link to some discussion or a standartisation article
would be also useful.

Thank you.
Subject: Re: CVV (both CVV1 and CVV2), CVC - i need a complete explanation.
Answered By: tox-ga on 30 Sep 2004 15:01 PDT
Hi there,

First I'd like to point out the Google Answers disclaimer on the
bottom of the page, and remind you that most of the following
information that was found is strictly to be used for educational

The CVV (Card Verification Value) is a sequence of digits constructed
by cryptographic process and written to the magnetic stripe of the
card.  Data such as card number, the expiration date and the service
code is triple encrypted using a special Card Verification key pair,
and selected digits from the results are used to create the CVV.  The
algorithm used in the calculation is  similar to that of PIN
For information on how these cards are encrypted, please refer to:

Specifically, CVC (card verification code) and CVV (card verification
value) are encrypted using the Triple DES system.  The Triple DES used
for CVC and CVV uses two single length Keys such that the first Key
encrypts data, the second Key decrypts the results of that encryption,
and the first Key encrypts the results of the description.
For details on the use of DES and 3DES in financial institutions,
please refer to the following white paper.

For a visual representation of how the encryption works please take a look at:

Since PIN encryption uses same/similar system, here's a sample excerpt
to provide you with a better understanding of how it works:
The PIN (Personal Identification Number) is basically encrypted as
follows. The card number is taken as an hexadecimal number and is
encrypted with the DES algorithm using a secret key, which is called
the "PIN key". The first four digits are decimalized (i.e., A = 0, B =
1, ...) and are called the "natural PIN". An offset is added (without
carry) to the natural PIN in order to obtain the customer PIN. The
customer PIN may be changed but the natural PIN cannot. The offset is
what is written in track 3 and I called the "encrypted PIN". Here you
have an example:

Card number: 1234567890123445hex input for DES.
PIN key: 0123456789ABCDEFhex key for DES.
Encrypted card number: 9A466AD30DFE0381hex output from DES.
Natural PIN: 9046.
Offset: 2298 (this number is written on track 3).
Customer PIN: 1234. 
The author also recommends the following links:

Breaking the Visa PIN

Original Visa Scheme

Discussion on other systems

The CVV, however, is still only an additional security; it is not fool
proof.  Even systems with much higher security, the 96-digit enryption
algorithm, was cracked by hackers and posted on the internet in the

If you would like more information on the 3DES encryption system, or
would like clarification on any part of the answer, please feel ask


Google search terms: 3des double length cvv card verification algorithm encryption
Subject: Re: CVV (both CVV1 and CVV2), CVC - i need a complete explanation.
From: probonopublico-ga on 17 Sep 2004 21:22 PDT
Subject: Re: CVV (both CVV1 and CVV2), CVC - i need a complete explanation.
From: krisbailey-ga on 28 Sep 2004 08:02 PDT
from what i understand this is not something that you can calculate
unless you have access to visa's DES keys.  an in dept explaination of
how the process works can be found here:
Subject: Re: CVV (both CVV1 and CVV2), CVC - i need a complete explanation.
From: tilde-ga on 08 Jun 2005 06:48 PDT
do you think there will ever be a CVV generator?...or is it too
dependant on the DES keys?. . .

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  

Google Home - Answers FAQ - Terms of Service - Privacy Policy