Protecting Member Payments: CVV, AVS, SSL, and More

The CVV (Card Verification Value) is a small code printed on every credit and debit card.

On Visa, MasterCard, and Discover, the 3 digits on the back.

On American Express, the 4 digits on the front.

Why it matters for associations:

1. Ensures the member has the actual card when paying online.
2. Helps prevent fraud when card numbers are stolen but the card itself isn’t.

Important note: The CVV is not the card’s PIN. A PIN is only for ATMs or in-person use, and it should never be entered into online forms.

The Address Verification System (AVS) checks the billing address entered by a member against the address their bank has on file.

If the addresses match, the payment is more likely legitimate.

If they don’t match, the system may flag or decline the payment.

For associations, AVS is a critical tool to reduce fraudulent transactions, especially for online donations and program registrations, where fraud attempts are common.

When members submit payment details, that sensitive information travels from their browser to your website. An SSL (Secure Sockets Layer) certificate ensures this process is safe.

SSL encrypts the data so it can’t be intercepted by hackers.

It activates the padlock icon and “https://” in the browser bar, showing members your site is secure.

Without SSL, browsers may flag your site as “not secure,” which can damage trust and hurt registrations or donations.

Simply put: SSL isn’t optional, it's mandatory in today's age.

Behind the scenes, every online payment runs through a payment gateway.

It transfers payment details securely between your website, the card networks, and the bank.

It applies fraud checks (like CVV and AVS). It sends back approval or decline in seconds.

For associations, choosing a reliable, PCI-compliant payment gateway ensures that all member payments are handled securely.

We currently recommend Elavon as a payment gateway.

If your association accepts credit card payments, you must follow PCI DSS (Payment Card Industry Data Security Standard).

These are security rules created by the card networks.

They cover how payment data is handled, stored, and transmitted.

Even small associations must comply, often with a self-assessment questionnaire.

Non-compliance can lead to fines, higher fees, or losing the ability to process cards—so it’s not something to overlook.

A chargeback happens when a member disputes a payment with their bank. Too many chargebacks can create administrative headaches and even risk your association’s ability to process payments.

By requiring CVV, enabling AVS, and using SSL, your association greatly reduces fraud-related chargebacks.