How can hackers steal your credit card CVV number?

Information verified correct on October 28th, 2016

Discover how hackers can get hold of the three digits on the back of your card and what you can do to protect your finances.

You’ve probably been asked for your CVV number many times when shopping online. This number, also known as the CVV2 or CSC (Card Security Code), is used to protect your credit transactions against fraud when making purchases online and over the phone. However, if a hacker gets hold of your CVV, they could be able to use your card details for fraudulent transactions.

Given that credit card fraud in Australia is currently on the rise, it’s important to understand how hackers can get this number and the tips you can follow to protect your finances.

How can a hacker get my CVV number?

There are two main ways that hackers are likely to get your CVV number. The first is by phishing and the second is the use of a web-based keylogger. We explain how both of these work here:

  • Phishing. This is a form of online security theft where fraudsters steal sensitive information, such as your credit card details. Have you ever received an email that looked like it might have been sent by your bank but had a few suspicious details? Maybe the return email address wasn’t the official address you usually receive correspondence from, or maybe there was a link to an unfamiliar website? It’s likely that this was a phishing email. How do these work to acquire your credit card information? Some examples include obfuscated links (URLs that look legitimate but direct you to the phisher’s website), DNS cache poisoning (which involves a phisher changing the DNS server information so that everyone who accesses the site is redirected to another site) and screen capture trojans (used to record and report information to the phisher).
  • Keylogger. A keylogger can be illegally installed on an online merchant’s website so that all of the data customers submit to the site is duplicated and forwarded to the attacker’s server. They do this by form grabbing: taking form data submitted by users (such as your name, address, credit card number and, of course, your CVV). The keylogger is designed to capture this data entered in the form field before it’s encrypted when you submit it to the site. Most fraudsters don’t collate this information themselves, though. Instead, they purchase packages of cardholder data, including account names, full card numbers, expiration, CVV2 numbers and postcodes.

How can I protect my CVV and finances?

Online transactions aren’t entirely risk free, but there are some simple steps and tips you can consider to reduce your chances of becoming a victim of online credit card fraud.

  • Use anti-virus software. Install anti-virus software and firewalls to protect your finances and other personal information when shopping or just browsing online.
  • Look for the signs. Whenever you receive an email, especially if it’s requesting any type of personal or financial information, look out for telltale signs such as generic greetings, threats to your account that call for immediate action, suspicious links and email address, and misspelling and poor grammar. If it’s an email from your bank and you’re unsure whether it’s legitimate or not, it’s safer to contact the bank directly to follow it up.
  • Check the site’s SSL certificate. Unfortunately, not all sites on the Internet are legitimate, so it’s important to confirm whether a site is secure before making a purchase. SSL certificates are small data files that, when installed on a web browser, activate a padlock symbol and the https protocol which ensures secure connections from a web server to a browser. So, typically, if you see that padlock symbol, the site is safe.
  • Use services like PayPal. If you don’t want to enter your credit card details, use secure services such as PayPal which don’t require you to enter your details when you’re making a purchase. Instead, you create a PayPal account, enter your PayPal details there and then all payments are made through your secure PayPal account rather than through the retailer’s website.

Unfortunately, credit card scams are becoming more common in Australia. However, there are some simple precautions you can take to protect your money. If you suspect that you’ve been the victim of a credit card scam or if you’ve identified fraudulent transactions on your account, contact your bank immediately. If you’d like to report a scam, you can inform ASIC (Australian Securities & Investments Commission) via their website.

Back to top

Sally McMullen

Sally McMullen is a journalist at who is a credit cards and travel money expert by day and music maven by night.

Was this content helpful to you? No  Yes

Related Posts

Ask a Question

You are about to post a question on

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Disclaimer: At we provide factual information and general advice. Before you make any decision about a product read the Product Disclosure Statement and consider your own circumstances to decide whether it is appropriate for you.
Rates and fees mentioned in comments are correct at the time of publication.
By submitting this question you agree to the privacy policy, receive follow up emails related to and to create a user account where further replies to your questions will be sent.

Credit Cards Comparison

Rates last updated October 28th, 2016
Purchase rate (p.a.) Balance transfer rate (p.a.) Annual fee
Virgin Australia Velocity Flyer Card - Balance Transfer Offer
Enjoy a 0% p.a. balance transfer offer for 18 months and also earn 2 bonus Velocity Points in the first 3 months on everyday spend.
20.74% p.a. 0% p.a. for 18 months $64 p.a. annual fee for the first year ($129 p.a. thereafter) Go to site More info
ME Bank frank Credit Card
Enjoy a low and consistent interest rate on purchases and cash advances, combined with no annual fee.
11.99% p.a. $0 p.a. Go to site More info
HSBC Platinum Credit Card
Receive a full annual fee refund and save $149 if you meet the $6,000 spend requirement. Enjoy a balance transfer offer and platinum card benefits such as complimentary insurances and concierge services.
19.99% p.a. 0% p.a. for 15 months $149 p.a. Go to site More info
NAB Low Rate Credit Card
The NAB Low Rate Card offers 0% p.a. on purchases and balance transfers for 15 months. This card also comes with a low annual fee.
0% p.a. for 15 months (reverts to 13.99% p.a.) 0% p.a. for 15 months with a one off 3% balance transfer fee $59 p.a. Go to site More info

* The credit card offers compared on this page are chosen from a range of credit cards has access to track details from and is not representative of all the products available in the market. Products are displayed in no particular order or ranking. The use of terms 'Best' and 'Top' are not product ratings and are subject to our disclaimer. You should consider seeking independent financial advice and consider your own personal financial circumstances when comparing cards.

Ask a question