• Payments and Transfers
  • Disputes and Limitations
  • My Account
  • My Wallet
  • Login & Security
  • Seller Tools

How is customers' credit card security protected when they use Virtual Terminal?

When you process a transaction with Virtual Terminal, the card issuer verifies the customer's credit card and billing address to help prevent fraud.

Card Security Code

Card Security Code (CSC, also known by many other names including CVV) is a security feature that helps to protect against fraud. The CSC, imprinted on a physical credit card presented as payment, provides proof that the card is valid.

When you process a transaction using Virtual Terminal, you enter the credit card's CSC on the Virtual Terminal Main page.

CSC placement

When you finish entering transaction data in Virtual Terminal, PayPal sends the CSC to the card issuer, who checks the CSC you entered and sends back a response code, which Virtual Terminal displays. This code tells you about the status of the CSC check. For descriptions of the codes, see What does Virtual Terminal do when a credit card can't be verified?

Address Verification System

Address Verification System (AVS) is another security feature that checks the billing address associated with the customer's card. AVS compares the billing address that is on file at the cardholder's issuing bank against the billing address you enter in Virtual Terminal. If the addresses don't match, the transaction is declined.

Note: AVS is mainly available for U.S.-based cards, with limited international support.

When you finish entering transaction data in Virtual Terminal and process the transaction, PayPal sends the billing data to the card issuer, who performs the AVS match. The card issuer sends the match results, in the form of a response code, to PayPal and Virtual Terminal displays it. The code tells you which part of the entered customer's billing address AVS matched.

If you want to accept only transactions that pass the AVS match test, you should process Authorizations first and then capture the transactions separately based on the response. For AVS response code descriptions, see What does Virtual Terminal do when a customer's address can't be verified?

Note: You can use the PayPal fraud filters to set up transaction acceptance or denials based on the card issuer's response to the CSC check or the AVS match test.
Was this article helpful?

More ways we can help

How are we doing?
Take our survey